1
0
mirror of https://github.com/django/django.git synced 2025-06-05 11:39:13 +00:00

[5.0.x] Added CVE-2024-53907 and CVE-2024-53908 to security archive.

Backport of 595cb4a7aeb1ba1770d10d601ce9a2b4e487c46e from main.
This commit is contained in:
Sarah Boyce 2024-12-04 16:30:03 +01:00
parent 2d230132d7
commit cb115d85e2

View File

@ -36,6 +36,28 @@ Issues under Django's security process
All security issues have been handled under versions of Django's security All security issues have been handled under versions of Django's security
process. These are listed below. process. These are listed below.
December 4, 2024 - :cve:`2024-53907`
------------------------------------
Potential denial-of-service in django.utils.html.strip_tags().
`Full description
<https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>`__
* Django 5.1 :commit:`(patch) <bbc74a7f7eb7335e913bdb4787f22e83a9be947e>`
* Django 5.0 :commit:`(patch) <a5a89ea28cc550c1b29b03f9e14ef3c128ec1e84>`
* Django 4.2 :commit:`(patch) <790eb058b0716c536a2f2e8d1c6d5079d776c22b>`
December 4, 2024 - :cve:`2024-53908`
------------------------------------
Potential SQL injection in HasKey(lhs, rhs) on Oracle.
`Full description
<https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>`__
* Django 5.1 :commit:`(patch) <6943d61818e63e77b65d8b1ae65941e8f04bd87b>`
* Django 5.0 :commit:`(patch) <ff08bb6c70aa45f83a5ef3bd0b601c7c9d1a7642>`
* Django 4.2 :commit:`(patch) <7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5>`
September 3, 2024 - :cve:`2024-45231` September 3, 2024 - :cve:`2024-45231`
------------------------------------- -------------------------------------