[4.2.x] Added CVE-2024-53907 and CVE-2024-53908 to security archive. · django/django@0ff19d1 · GitHub

Commit 0ff19d1

[4.2.x] Added CVE-2024-53907 and CVE-2024-53908 to security archive.
Backport of 595cb4a from main.
1 parent 6c4fc7d commit 0ff19d1

1 file changed

+22
-0
lines changed

docs/releases/security.txt

Lines changed: 22 additions & 0 deletions
@@ -36,6 +36,28 @@ Issues under Django's security process
3636
All security issues have been handled under versions of Django's security
3737
process. These are listed below.
3838

39+
December 4, 2024 - :cve:`2024-53907`
40+
------------------------------------
41+
42+
Potential denial-of-service in django.utils.html.strip_tags().
43+
`Full description
44+
<https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>`__
45+
46+
* Django 5.1 :commit:`(patch) <bbc74a7f7eb7335e913bdb4787f22e83a9be947e>`
47+
* Django 5.0 :commit:`(patch) <a5a89ea28cc550c1b29b03f9e14ef3c128ec1e84>`
48+
* Django 4.2 :commit:`(patch) <790eb058b0716c536a2f2e8d1c6d5079d776c22b>`
49+
50+
December 4, 2024 - :cve:`2024-53908`
51+
------------------------------------
52+
53+
Potential SQL injection in HasKey(lhs, rhs) on Oracle.
54+
`Full description
55+
<https://www.djangoproject.com/weblog/2024/dec/04/security-releases/>`__
56+
57+
* Django 5.1 :commit:`(patch) <6943d61818e63e77b65d8b1ae65941e8f04bd87b>`
58+
* Django 5.0 :commit:`(patch) <ff08bb6c70aa45f83a5ef3bd0b601c7c9d1a7642>`
59+
* Django 4.2 :commit:`(patch) <7376bcbf508883282ffcc0f0fac5cf0ed2d6cbc5>`
60+
3961
September 3, 2024 - :cve:`2024-45231`
4062
-------------------------------------
4163
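Review bot: the six 40-character hashes in the added `:commit:` bullets (new lines 46-48 and 57-59) are the one part of this hunk that can be silently wrong, since nothing visible in the diff validates them. Before merging, confirm that each hash resolves to the fix on the branch its bullet names (5.1, 5.0, 4.2) and that the 53907 and 53908 lists have not been swapped. The one-line summary for 53908, "Potential SQL injection in HasKey(lhs, rhs) on Oracle.", also does not say which argument carries the untrusted input, so a reader triaging from the archive alone has to follow the "Full description" link to learn whether their usage is exposed. A few more words in the summary would make the entry usable on its own.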
