Mageia 8: MGASA-2022-0104 Moderate: Django XSS And Asgiref DoS
mageia
March 21, 2022
The {% debug %} template tag didn't properly encode the current context posing an XSS attack vector (CVE-2022-22818)
Summary
The {% debug %} template tag didn't properly encode the current context
posing an XSS attack vector (CVE-2022-22818).
Passing certain inputs to multipart forms could result in an infinite loop
when parsing files resulting in a denial of service (CVE-2022-23833).
The python-django update necessitated a version update to python-asgiref
as well.
References
- https://bugs.mageia.org/show_bug.cgi?id=29984
- https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
- https://www.cve.org/CVERecord?id=CVE-2022-22818
- https://www.cve.org/CVERecord?id=CVE-2022-23833
Topics Covered
Resolution
SRPMS
- 8/core/python-django-3.2.12-1.mga8
- 8/core/python-asgiref-3.5.0-1.mga8
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 21 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0104.html
Type: security
CVE: CVE-2022-22818,
CVE-2022-23833
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!