OESA-2025-1617

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1617
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1617.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1617
Published
2025-06-13T14:19:16Z
Modified
2025-08-12T05:51:21.379604Z
Summary
python-django security update
Details

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Security Fix(es):

A vulnerability classified as problematic was found in Django up to 4.2.21/5.1.9/5.2.1 (Content Management System). CWE classifies the issue as CWE-117: the product does not neutralize, or incorrectly neutralizes, output that is written to logs. This has an impact on integrity. Upgrading to version 4.2.22, 5.1.10 or 5.2.2 eliminates this vulnerability. (CVE-2025-48432)

Database specific
{
    "severity": "Medium"
}
Affected packages

openEuler:20.03-LTS-SP4 / python-django

Package

Name
python-django
Purl
pkg:rpm/openEuler/python-django&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.27-17.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "python-django-help-2.2.27-17.oe2003sp4.noarch.rpm",
        "python3-Django-2.2.27-17.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "python-django-2.2.27-17.oe2003sp4.src.rpm"
    ]
}