Search CVE reports
1 – 10 of 756 results
CVE-2024-56374
Medium priority
Some fixes available 4 of 6
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential...
1 affected package
python-django
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-django | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2024-9774
Medium priority
A vulnerability was found in python-sql where unary operators do not escape non-Expression.
1 affected package
python-sql
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-sql | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-12254
Medium priority
Some fixes available 2 of 3
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not “pause” writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the “high-water mark”. Because...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.11 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.12 | Fixed | Not in release | Not in release | Not in release | Not in release |
python3.13 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.8 | Not in release | Not in release | Not affected | Not affected | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2024-53908
Medium priority
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection...
1 affected package
python-django
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-django | Fixed | Not affected | Not affected | Not affected | Not affected |
CVE-2024-53907
Medium priority
Some fixes available 6 of 7
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing...
1 affected package
python-django
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-django | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-53981
Medium priority
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any trailing bytes after the last boundary. This happens...
1 affected package
python-multipart
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-multipart | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-53861
Medium priority
pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the “iss” claim...
1 affected package
pyjwt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pyjwt | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-53899
Medium priority
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
1 affected package
python-virtualenv
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-virtualenv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-52804
Medium priority
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when...
1 affected package
python-tornado
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-tornado | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2024-52304
Medium priority
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under...
1 affected package
python-aiohttp
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-aiohttp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |