Advisories » MGASA-2022-0104

Updated python-django/python-asgiref packages fix security vulnerability

Publication date: 21 Mar 2022
Modification date: 21 Mar 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-22818, CVE-2022-23833

Description

The {% debug %} template tag didn't properly encode the current context,
posing an XSS attack vector (CVE-2022-22818).

Passing certain inputs to multipart forms could result in an infinite loop
when parsing files, resulting in a denial of service (CVE-2022-23833).

The python-django update necessitated a version update to python-asgiref
as well.
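
For CVE-2022-22818, a check to run alongside the update: the example below is added here (it is not part of the advisory or of Django) and lists the lines where a live {% debug %} tag still appears in template text, skipping tags inside {# #} comments and {% comment %} / {% verbatim %} blocks. The function name and the sample template are constructed for illustration.

```python
import re

# Django template tokens of interest: {# ... #} comments and {% tag ... %} blocks.
# A comment is matched first, so a tag written inside {# #} is never reported.
TOKEN_RE = re.compile(r"\{#.*?#\}|\{%\s*(\w+)[^%]*%\}")

# Block tags whose contents are not rendered as template tags.
INERT_BLOCKS = {"comment", "verbatim"}


def find_debug_tags(template_text):
    """Return 1-based line numbers where a live {% debug %} tag appears."""
    hits = []
    inert = None  # name of the inert block we are currently inside, if any
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            tag = match.group(1)
            if tag is None:          # a {# ... #} comment
                continue
            if inert is not None:    # inside {% comment %} or {% verbatim %}
                if tag == "end" + inert:
                    inert = None
                continue
            if tag in INERT_BLOCKS:
                inert = tag
            elif tag == "debug":
                hits.append(lineno)
    return hits


# Constructed sample template (not taken from any real project).
SAMPLE_TEMPLATE = "\n".join([
    "<h1>{{ title }}</h1>",
    "{# {% debug %} left over from testing #}",
    "{% comment %}",
    "{% debug %}",
    "{% endcomment %}",
    "<pre>{% debug %}</pre>",
    "{%debug%}",
])

if __name__ == "__main__":
    for n in find_debug_tags(SAMPLE_TEMPLATE):
        print(f"live debug tag on line {n}")
```
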

References

SRPMS

8/core