AVG-1015 log

Package python-django
Status Fixed
Severity Medium
Type multiple issues
Affected 2.2.3-1
Fixed 2.2.4-1
Current 4.2.12-1 [extra]
Ticket None
Created Fri Aug 2 13:24:39 2019
Issue Severity Remote Type Description
CVE-2019-14235 Medium Yes Denial of service
If passed certain inputs, django.utils.encoding.uri_to_iri() could lead to significant memory usage due to excessive recursion when re-percent encoding...
CVE-2019-14234 Medium Yes SQL injection
Key and index lookups for JSONField and key lookups for HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary...
CVE-2019-14233 Medium Yes Denial of service
Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large...
CVE-2019-14232 Medium Yes Denial of service
If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate...
Date Advisory Package Type
05 Aug 2019 ASA-201908-2 python-django multiple issues