ALT-PU-2025-7860-2
Package python3-module-django updated to version 5.2.2-alt1 for branch sisyphus in task 386425.
Closed vulnerabilities
Published: 2025-06-04
BDU:2025-06450
A vulnerability in the django.utils.log.log_response() function of the Django web application framework that allows an attacker to modify data written to the log.
Severity: MEDIUM (4.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity: LOW (2.6)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
References:
Published: 2025-06-05
Modified: 2025-06-10
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
Severity: MEDIUM (4.0)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
References:
- https://docs.djangoproject.com/en/dev/releases/security/
- https://groups.google.com/g/django-announce
- https://www.djangoproject.com/weblog/2025/jun/04/security-releases/
- https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/
- http://www.openwall.com/lists/oss-security/2025/06/04/5
- http://www.openwall.com/lists/oss-security/2025/06/10/2
- http://www.openwall.com/lists/oss-security/2025/06/10/3
- http://www.openwall.com/lists/oss-security/2025/06/10/4
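The CVE text above describes the failure mode (a request path copied into a log line without escaping, so a crafted URL can add line breaks or terminal escape sequences to the log). The following is an added example, not Django's code or the ALT Linux patch: it builds a response log line the way an unescaped logger would, then the hardened way, and includes a check a log pipeline can use to flag records that still carry raw control characters. The function names, the `\xNN` escaping scheme and the sample path are all assumptions constructed for this illustration.

```python
import re

# Constructed sample input: a request path carrying a line feed and an ANSI
# colour escape, i.e. the kind of value the advisory says would be copied
# verbatim into the log.
SAMPLE_PATH = "/accounts/login/\n\x1b[31mFAKE LINE\x1b[0m"

# C0 control characters (0x00-0x1f) and DEL (0x7f). These are the bytes that
# let a single log record masquerade as several, or drive a terminal.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def escape_for_log(value: str) -> str:
    """Return `value` with every control character rewritten as \\xNN.

    The output is printable ASCII plus the original non-control text, so the
    record stays on one line and cannot carry terminal escape sequences.
    """
    return _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def format_response_line(status_code: int, path: str, escape: bool = True) -> str:
    """Build a one-line response record ("404 /path").

    `escape=False` reproduces the unescaped behaviour described in the CVE so
    the two can be compared; production code should never pass it.
    (Hypothetical helper; the format is not Django's.)
    """
    shown = escape_for_log(path) if escape else path
    return f"{status_code} {shown}"


def record_line_count(record: str) -> int:
    """How many physical lines a single record would occupy in a log file."""
    return len(record.splitlines())


def has_raw_control(record: str) -> bool:
    """Detection check for a log pipeline: True if a record still contains
    unescaped control characters, which indicates the producer is not
    escaping untrusted fields."""
    return _CONTROL_CHARS.search(record) is not None


if __name__ == "__main__":
    unsafe = format_response_line(404, SAMPLE_PATH, escape=False)
    safe = format_response_line(404, SAMPLE_PATH)
    print("unescaped record spans", record_line_count(unsafe), "lines;",
          "raw control chars:", has_raw_control(unsafe))
    print("escaped record spans", record_line_count(safe), "lines;",
          "raw control chars:", has_raw_control(safe))
    print(safe)
```

`has_raw_control` is the useful piece on the consuming side: run it over incoming records (or a sample of them) and alert when it fires, since a single positive means some producer is still logging unescaped attacker-controlled fields regardless of whether the Django fix has been deployed.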