OPENSUSE-SU-2024:0272-1
Advisory lineage Upstream: 4 Downstream: 0
Published: 30 Aug 2024, 13:49
Last modified: 04 Feb 2026, 02:35
Vulnerability Summary
- Overall Risk (default): minimal, 0/100
- CVSS Score: No data
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 30 Aug 2024, 13:49: Published (vulnerability first disclosed)
- 04 Feb 2026, 02:35: Last Modified (vulnerability information updated)
Description
Security update for python-Django

This update for python-Django fixes the following issues:
- CVE-2024-42005: Fixed potential SQL injection in QuerySet.values() and values_list() (boo#1228629)
- CVE-2024-41989: Fixed memory exhaustion in django.utils.numberformat.floatformat() (boo#1228630)
- CVE-2024-41990: Fixed potential denial-of-service vulnerability in django.utils.html.urlize() (boo#1228631)
- CVE-2024-41991: Fixed potential denial-of-service vulnerability in django.utils.html.urlize() and AdminURLFieldWidget (boo#1228632)
Affected Systems
- opensuse•python-Django&distro=openSUSE Leap 15.5, versions < 2.2.28-bp155.7.15.1
- suse•python-Django&distro=SUSE Package Hub 15 SP5, versions < 2.2.28-bp155.7.15.1
References (9)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AVXH6TTRGIUJPHG6XVNN3KNBVNT5ELJK/
- https://bugzilla.suse.com/1228629
- https://bugzilla.suse.com/1228630
- https://bugzilla.suse.com/1228631
- https://bugzilla.suse.com/1228632
- https://www.suse.com/security/cve/CVE-2024-41989
- https://www.suse.com/security/cve/CVE-2024-41990
- https://www.suse.com/security/cve/CVE-2024-41991
- https://www.suse.com/security/cve/CVE-2024-42005