Django の開発チームは、Django のセキュリティポリシー にしたがって、セキュリティに関わる問題を、責任を持って積極的に公表しています。
この活動の一部として、修正・公開した問題の履歴リストをメンテナンスしています。以下のリストには、各問題に対して、日付、短い説明、もし存在すれば CVE identifier 、影響を受けるバージョン、完全な情報開示ページへのリンク、適切なパッチへのリンクが記載されています。
これらの情報に関する重要な注意書き
All security issues have been handled under versions of Django's security process. These are listed below.
Potential SQL injection in QuerySet.annotate(), aggregate(), and
extra(). Full description
Potential SQL injection via QuerySet.explain(**options) on PostgreSQL.
Full description
Possible XSS via {% debug %} template tag. Full description
Denial-of-service possibility in file uploads. Full description
Potential directory-traversal via Storage.save(). Full description
Potential information disclosure in dictsort template filter. Full
description
Denial-of-service possibility in UserAttributeSimilarityValidator. Full
description
Potential bypass of an upstream access control based on URL paths. Full description
Potential SQL injection via unsanitized QuerySet.order_by() input. Full
description
Potential directory traversal via admindocs. Full description
Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses. Full description
Header injection possibility since URLValidator accepted newlines in input
on Python 3.9.5+. Full description
Potential directory-traversal via uploaded files. Full description
Potential directory-traversal via uploaded files. Full description
Web cache poisoning via django.utils.http.limited_parse_qsl(). Full
description
Potential directory-traversal via archive.extract(). Full description
Permission escalation in intermediate-level directories of the file system cache on Python 3.7+. Full description
Incorrect permissions on intermediate-level directories on Python 3.7+. Full description
Possible XSS via admin ForeignKeyRawIdWidget. Full description
Potential data leakage via malformed memcached keys. Full description
Potential SQL injection via tolerance parameter in GIS functions and
aggregates on Oracle. Full description
StringAgg(delimiter) を通じた潜在的 SQL インジェクション. ` <https://www.djangoproject.com/weblog/2020/feb/03/security-releases/>`__
Potential account hijack via password reset form. Full description
Privilege escalation in the Django admin. Full description
django.utils.encoding.uri_to_iri() におけるメモリ枯渇の可能性。詳細な説明
SQL injection possibility in key and index lookups for
JSONField/HStoreField. Full description
Denial-of-service possibility in strip_tags(). Full description
Denial-of-service possibility in django.utils.text.Truncator. Full
description
Incorrect HTTP detection with reverse-proxy connecting via HTTPS. Full description
XSS via "Current URL" link generated by AdminURLFieldWidget. Full
description
Prototype pollution in bundled jQuery. Full description
django.utils.numberformat.format() におけるメモリ枯渇の問題。詳細な説明
デフォルトの 404 ページにおけるコンテンツスプーフィングの可能性。詳細な説明
Password hash disclosure to 「表示のみ (view only)」の admin ユーザーにパスワードのハッシュが意図せず公開されてしまう問題。詳細な説明
CommonMiddleware におけるオープンリダイレクトの可能性。詳細な説明
truncatechars_html と truncatewords_html テンプレートフィルタにおけるDoS 攻撃の可能性。 詳細な説明
urlize と urlizetrunc テンプレートフィルタにおける DoS 攻撃の可能性。詳細な説明
AuthenticationForm における情報漏えい問題。詳細な説明
Possible XSS in traceback section of technical 500 debug page. Full description
Open redirect vulnerability in django.views.static.serve(). Full
description
Open redirect and possible XSS attack via user-supplied numeric redirect URLs. Full description
DNS rebinding vulnerability when DEBUG=True. Full description
User with hardcoded password created when running tests on Oracle. Full description
CSRF protection bypass on a site with Google Analytics. Full description
XSS in admin's add/change related popup. Full description
User enumeration through timing difference on password hasher work factor upgrade. Full description
Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth. Full description
User with "change" but not "add" permission can create objects for
ModelAdmin’s with save_as=True. Full description
Settings leak possibility in date template filter. Full description
Denial-of-service possibility in logout() view by filling session store.
Full description
Denial-of-service possibility in URL validation. Full description
Header injection possibility since validators accept newlines in input. Full description
Denial-of-service possibility by filling session store. Full description
Fixed session flushing in the cached_db backend. Full description
Mitigated possible XSS attack via user-supplied redirect URLs. Full description
Denial-of-service possibility with strip_tags(). Full description
XSS attack via properties in ModelAdmin.readonly_fields. Full description
Database denial-of-service with ModelMultipleChoiceField. Full description
Denial-of-service attack against django.views.static.serve(). Full
description
Mitigated possible XSS attack via user-supplied redirect URLs. Full description
WSGI header spoofing via underscore/dash conflation. Full description
Data leakage via querystring manipulation in admin. Full description
RemoteUserMiddleware session hijacking. Full description
File upload denial of service. Full description
reverse() can generate URLs pointing to other hosts. Full description
Malformed URLs from user input incorrectly validated. Full description
Caches may be allowed to store and serve private data. Full description
MySQL typecasting causes unexpected query results. Full description
Caching of anonymous pages could reveal CSRF token. Full description
Unexpected code execution using reverse(). Full description
Denial-of-service via large passwords. Full description
Directory-traversal via ssi template tag. Full description
Possible XSS via unvalidated URL redirect schemes. Full description
XSS via admin trusting URLField values. Full description
Denial-of-service via formset max_num bypass. Full description
Information leakage via admin history log. Full description
Entity-based attacks against Python XML libraries. Full description
Additional hardening of Host header handling. Full description
Additional hardening of redirect validation. Full description
Additional hardening of Host header handling. Full description
Host header poisoning. Full description
Denial-of-service via large image files. Full description
Denial-of-service via compressed image files. Full description
XSS via failure to validate redirect scheme. Full description
Potential CSRF via Host header. Full description
This notification was an advisory only, so no patches were issued.
Host header cache poisoning. Full description
Information leakage/arbitrary request issuance via URLField.verify_exists.
Full description
Denial-of-service via URLField.verify_exists. Full description
Session manipulation when using memory-cache-backed session. Full description
Directory-traversal on Windows via incorrect path-separator handling. Full description
XSS via unsanitized names of uploaded files. Full description
CSRF via forged HTTP headers. Full description
Denial-of-service in password-reset mechanism. Full description
Information leakage in administrative interface. Full description
XSS via trusting unsafe cookie value. Full description
Denial-of-service via pathological regular expression performance. Full description
Directory-traversal in development server media handler. Full description
CSRF via preservation of POST data during admin login. Full description
XSS via admin login redirect. Full description
Denial-of-service via arbitrarily-large Accept-Language header. Full
description
いくつかのセキュリティ問題については、Django が正式にセキュリティ問題の処理プロセスを確立する以前に修正されました。そのような修正に対しては、新しいリリースが出されたときに修正された CVE が記載されていないことがあります。
Apparent "caching" of authenticated user. Full description
2022年6月01日