{"affected":[{"ecosystem_specific":{"binaries":[{}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"python-Django","purl":"pkg:rpm/suse/python-Django&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.28-bp155.7.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"python-Django","purl":"pkg:rpm/opensuse/python-Django&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.28-bp155.7.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-Django fixes the following issues:\n\n- CVE-2023-23969: Potential denial-of-service via Accept-Language headers (boo#1207565)\n- CVE-2024-38875: Potential denial-of-service attack via certain inputs with a very large number of brackets (boo#1227590)\n- CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords (boo#1227593)\n- CVE-2024-39330: Potential directory traversal in django.core.files.storage.Storage.save() (boo#1227594)\n- CVE-2024-39614: Potential denial-of-service through django.utils.translation.get_supported_language-variant()  (boo#1227595)\n","id":"openSUSE-SU-2024:0251-1","modified":"2024-08-18T07:32:42Z","published":"2024-08-18T07:32:42Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OU4KXNSFOQVRSGL2OQCMRA3EFMPZEGEU/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207565"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227590"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227593"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227594"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227595"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-23969"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38875"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-39329"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-39330"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-39614"}],"related":["CVE-2023-23969","CVE-2024-38875","CVE-2024-39329","CVE-2024-39330","CVE-2024-39614"],"summary":"Security update for python-Django","upstream":["CVE-2023-23969","CVE-2024-38875","CVE-2024-39329","CVE-2024-39330","CVE-2024-39614"]}