Ubuntu Security Update USN-6946-1: Django vulnerabilities

[LinuxBot]

It was discovered that Django incorrectly handled certain strings in floatformat function. An attacker could possibly use this issue to cause a memory exhaustion. (CVE-2024-41989) It was discovered that Django incorrectly handled very large inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-41990) It was discovered that Django in AdminURLFieldWidget incorrectly handled certain inputs with a very large number of Unicode characters. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-41991) It was discovered that Django incorrectly handled certain JSON objects. An attacker could possibly use this issue to cause a potential SQL injection. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-42005)

Continue reading...