MGASA-2022-0104

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2022-0104.html
Import Source
https://advisories.mageia.org/MGASA-2022-0104.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2022-0104
Related
Published
2022-03-21T20:18:30Z
Modified
2022-03-21T19:29:44Z
Summary
Updated python-django/python-asgiref packages fix security vulnerability
Details

The {% debug %} template tag didn't properly encode the current context posing an XSS attack vector (CVE-2022-22818).

Passing certain inputs to multipart forms could result in an infinite loop when parsing files resulting in a denial of service (CVE-2022-23833).

The python-django update necessitated a version update to python-asgiref as well.

References
Credits

Affected packages

Mageia:8 / python-django

Package

Name
python-django
Purl
pkg:rpm/mageia/python-django?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.12-1.mga8

Ecosystem specific 

{
    "section": "core"
}

Mageia:8 / python-asgiref

Package

Name
python-asgiref
Purl
pkg:rpm/mageia/python-asgiref?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.0-1.mga8

Ecosystem specific 

{
    "section": "core"
}