Advisories » MGASA-2021-0511

Updated python-django-filter packages fix security vulnerability

Publication date: 18 Nov 2021
Modification date: 18 Nov 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2020-15225

Description

In django-filter before version 2.4.0, automatically generated 'NumberFilter'
instances, whose value was later converted to an integer, were subject to
potential DoS from maliciously input using exponential format with
sufficiently large exponents.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29603
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DPHENTRHRAYFXYPPBT7JRHZRWILRY44S/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15225

SRPMS

8/core

• python-django-filter-2.4.0-1.mga8