{"affected":[{"ecosystem_specific":{"binaries":[{"python3-Django":"2.0.7-150000.1.20.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"python-Django","purl":"pkg:rpm/opensuse/python-Django&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.7-150000.1.20.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-Django fixes the following issues:\n\n- CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590)\n- CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords (bsc#1227593)\n- CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594)\n- CVE-2024-39614: Fixed potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595)\n- CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (bsc#1207565)\n","id":"SUSE-SU-2024:2545-1","modified":"2024-07-17T11:58:55Z","published":"2024-07-17T11:58:55Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20242545-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207565"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227590"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227593"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227594"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227595"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-23969"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-38875"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-39329"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-39330"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-39614"}],"related":["CVE-2023-23969","CVE-2024-38875","CVE-2024-39329","CVE-2024-39330","CVE-2024-39614"],"summary":"Security update for python-Django","upstream":["CVE-2023-23969","CVE-2024-38875","CVE-2024-39329","CVE-2024-39330","CVE-2024-39614"]}