USN-7903-1
- Source
- https://ubuntu.com/security/notices/USN-7903-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7903-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7903-1
- Upstream
- Related
- Published
- 2025-12-02T15:14:35.445631Z
- Modified
- 2025-12-03T17:48:11.685800Z
- Summary
- python-django vulnerabilities
- Details
-
It was discovered that Django incorrectly handled certain characters in the FilteredRelation object. An attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-13372)
Seokchan Yoon discovered that Django inefficiently handled deserialization of XML objects. An attacker could possibly use this issue to cause Django to use excessive resources, causing a denial of service. (CVE-2025-64460)
- References
Affected packages
Ubuntu:22.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@2:3.2.12-2ubuntu1.24?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:3.2.12-2ubuntu1.24
Affected versions
2:2.*
2:2.2.24-1ubuntu1
2:3.*
2:3.2.12-2
2:3.2.12-2ubuntu1
2:3.2.12-2ubuntu1.1
2:3.2.12-2ubuntu1.2
2:3.2.12-2ubuntu1.3
2:3.2.12-2ubuntu1.4
2:3.2.12-2ubuntu1.5
2:3.2.12-2ubuntu1.6
2:3.2.12-2ubuntu1.7
2:3.2.12-2ubuntu1.8
2:3.2.12-2ubuntu1.9
2:3.2.12-2ubuntu1.10
2:3.2.12-2ubuntu1.11
2:3.2.12-2ubuntu1.12
2:3.2.12-2ubuntu1.13
2:3.2.12-2ubuntu1.14
2:3.2.12-2ubuntu1.15
2:3.2.12-2ubuntu1.16
2:3.2.12-2ubuntu1.17
2:3.2.12-2ubuntu1.18
2:3.2.12-2ubuntu1.19
2:3.2.12-2ubuntu1.20
2:3.2.12-2ubuntu1.21
2:3.2.12-2ubuntu1.22
2:3.2.12-2ubuntu1.23
Ubuntu:24.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@3:4.2.11-1ubuntu1.13?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3:4.2.11-1ubuntu1.13
Affected versions
3:4.*
3:4.2.4-1ubuntu2
3:4.2.8-1
3:4.2.9-1
3:4.2.11-1
3:4.2.11-1ubuntu1
3:4.2.11-1ubuntu1.1
3:4.2.11-1ubuntu1.2
3:4.2.11-1ubuntu1.3
3:4.2.11-1ubuntu1.4
3:4.2.11-1ubuntu1.5
3:4.2.11-1ubuntu1.6
3:4.2.11-1ubuntu1.7
3:4.2.11-1ubuntu1.8
3:4.2.11-1ubuntu1.9
3:4.2.11-1ubuntu1.10
3:4.2.11-1ubuntu1.11
3:4.2.11-1ubuntu1.12
Ubuntu:25.04
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@3:4.2.18-1ubuntu1.7?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3:4.2.18-1ubuntu1.7
Affected versions
3:4.*
3:4.2.15-1ubuntu1
3:4.2.17-2
3:4.2.18-1
3:4.2.18-1ubuntu1
3:4.2.18-1ubuntu1.1
3:4.2.18-1ubuntu1.2
3:4.2.18-1ubuntu1.3
3:4.2.18-1ubuntu1.4
3:4.2.18-1ubuntu1.5
3:4.2.18-1ubuntu1.6
Ubuntu:25.10
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@3:5.2.4-1ubuntu2.2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3:5.2.4-1ubuntu2.2
Affected versions
3:4.*
3:4.2.18-1ubuntu1
3:4.2.18-1ubuntu1.1
3:5.*
3:5.2.4-1
3:5.2.4-1ubuntu1
3:5.2.4-1ubuntu2
3:5.2.4-1ubuntu2.1
Ubuntu:Pro:14.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1.6.11-0ubuntu1.3+esm9?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.11-0ubuntu1.3+esm9
Affected versions
1.*
1.5.4-1ubuntu1
1.6-1
1.6.1-1
1.6.1-2
1.6.1-2ubuntu0.1
1.6.1-2ubuntu0.2
1.6.1-2ubuntu0.3
1.6.1-2ubuntu0.4
1.6.1-2ubuntu0.5
1.6.1-2ubuntu0.6
1.6.1-2ubuntu0.8
1.6.1-2ubuntu0.9
1.6.1-2ubuntu0.10
1.6.1-2ubuntu0.11
1.6.1-2ubuntu0.12
1.6.1-2ubuntu0.13
1.6.1-2ubuntu0.14
1.6.1-2ubuntu0.15
1.6.1-2ubuntu0.16
1.6.11-0ubuntu1
1.6.11-0ubuntu1.1
1.6.11-0ubuntu1.2
1.6.11-0ubuntu1.3
1.6.11-0ubuntu1.3+esm1
1.6.11-0ubuntu1.3+esm2
1.6.11-0ubuntu1.3+esm3
1.6.11-0ubuntu1.3+esm4
1.6.11-0ubuntu1.3+esm5
1.6.11-0ubuntu1.3+esm6
1.6.11-0ubuntu1.3+esm7
1.6.11-0ubuntu1.3+esm8
Ubuntu:Pro:16.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1.8.7-1ubuntu5.15+esm10?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.7-1ubuntu5.15+esm10
Affected versions
1.*
1.7.9-1ubuntu5
1.8.5-2ubuntu1
1.8.7-1ubuntu1
1.8.7-1ubuntu2
1.8.7-1ubuntu3
1.8.7-1ubuntu4
1.8.7-1ubuntu5
1.8.7-1ubuntu5.1
1.8.7-1ubuntu5.2
1.8.7-1ubuntu5.4
1.8.7-1ubuntu5.5
1.8.7-1ubuntu5.6
1.8.7-1ubuntu5.7
1.8.7-1ubuntu5.8
1.8.7-1ubuntu5.9
1.8.7-1ubuntu5.10
1.8.7-1ubuntu5.11
1.8.7-1ubuntu5.12
1.8.7-1ubuntu5.13
1.8.7-1ubuntu5.14
1.8.7-1ubuntu5.15
1.8.7-1ubuntu5.15+esm1
1.8.7-1ubuntu5.15+esm3
1.8.7-1ubuntu5.15+esm4
1.8.7-1ubuntu5.15+esm5
1.8.7-1ubuntu5.15+esm6
1.8.7-1ubuntu5.15+esm7
1.8.7-1ubuntu5.15+esm8
1.8.7-1ubuntu5.15+esm9
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.8.7-1ubuntu5.15+esm10",
"binary_name": "python-django"
},
{
"binary_version": "1.8.7-1ubuntu5.15+esm10",
"binary_name": "python-django-common"
},
{
"binary_version": "1.8.7-1ubuntu5.15+esm10",
"binary_name": "python3-django"
}
]
}Ubuntu:Pro:18.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1:1.11.11-1ubuntu1.21+esm13?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:1.11.11-1ubuntu1.21+esm13
Affected versions
1:1.*
1:1.11.4-1ubuntu1
1:1.11.6-1ubuntu1
1:1.11.9-1ubuntu1
1:1.11.11-1ubuntu1
1:1.11.11-1ubuntu1.1
1:1.11.11-1ubuntu1.2
1:1.11.11-1ubuntu1.3
1:1.11.11-1ubuntu1.4
1:1.11.11-1ubuntu1.5
1:1.11.11-1ubuntu1.6
1:1.11.11-1ubuntu1.7
1:1.11.11-1ubuntu1.8
1:1.11.11-1ubuntu1.9
1:1.11.11-1ubuntu1.10
1:1.11.11-1ubuntu1.11
1:1.11.11-1ubuntu1.12
1:1.11.11-1ubuntu1.13
1:1.11.11-1ubuntu1.14
1:1.11.11-1ubuntu1.15
1:1.11.11-1ubuntu1.16
1:1.11.11-1ubuntu1.17
1:1.11.11-1ubuntu1.18
1:1.11.11-1ubuntu1.19
1:1.11.11-1ubuntu1.20
1:1.11.11-1ubuntu1.21
1:1.11.11-1ubuntu1.21+esm1
1:1.11.11-1ubuntu1.21+esm2
1:1.11.11-1ubuntu1.21+esm3
1:1.11.11-1ubuntu1.21+esm4
1:1.11.11-1ubuntu1.21+esm5
1:1.11.11-1ubuntu1.21+esm6
1:1.11.11-1ubuntu1.21+esm7
1:1.11.11-1ubuntu1.21+esm8
1:1.11.11-1ubuntu1.21+esm9
1:1.11.11-1ubuntu1.21+esm10
1:1.11.11-1ubuntu1.21+esm11
1:1.11.11-1ubuntu1.21+esm12
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1:1.11.11-1ubuntu1.21+esm13",
"binary_name": "python-django"
},
{
"binary_version": "1:1.11.11-1ubuntu1.21+esm13",
"binary_name": "python-django-common"
},
{
"binary_version": "1:1.11.11-1ubuntu1.21+esm13",
"binary_name": "python3-django"
}
]
}Ubuntu:Pro:20.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@2:2.2.12-1ubuntu0.29+esm6?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:2.2.12-1ubuntu0.29+esm6
Affected versions
1:1.*
1:1.11.22-1ubuntu1
2:2.*
2:2.2.6-1ubuntu1
2:2.2.9-2ubuntu1
2:2.2.10-1
2:2.2.10-1ubuntu1
2:2.2.11-1
2:2.2.12-1
2:2.2.12-1ubuntu0.1
2:2.2.12-1ubuntu0.2
2:2.2.12-1ubuntu0.3
2:2.2.12-1ubuntu0.4
2:2.2.12-1ubuntu0.5
2:2.2.12-1ubuntu0.6
2:2.2.12-1ubuntu0.7
2:2.2.12-1ubuntu0.8
2:2.2.12-1ubuntu0.9
2:2.2.12-1ubuntu0.10
2:2.2.12-1ubuntu0.11
2:2.2.12-1ubuntu0.12
2:2.2.12-1ubuntu0.13
2:2.2.12-1ubuntu0.14
2:2.2.12-1ubuntu0.15
2:2.2.12-1ubuntu0.16
2:2.2.12-1ubuntu0.17
2:2.2.12-1ubuntu0.18
2:2.2.12-1ubuntu0.19
2:2.2.12-1ubuntu0.20
2:2.2.12-1ubuntu0.21
2:2.2.12-1ubuntu0.22
2:2.2.12-1ubuntu0.23
2:2.2.12-1ubuntu0.24
2:2.2.12-1ubuntu0.25
2:2.2.12-1ubuntu0.26
2:2.2.12-1ubuntu0.27
2:2.2.12-1ubuntu0.28
2:2.2.12-1ubuntu0.29
2:2.2.12-1ubuntu0.29+esm1
2:2.2.12-1ubuntu0.29+esm2
2:2.2.12-1ubuntu0.29+esm3
2:2.2.12-1ubuntu0.29+esm4
2:2.2.12-1ubuntu0.29+esm5