Upgrade Django to 2.0.11
CuriousLearner opened this issue · comments
CVE-2019-6975
moderate severity
Vulnerable versions: >= 2.0.0, < 2.0.11
Patched version: 2.0.11
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
CVE-2019-3498
More information
low severity
Vulnerable versions: >= 2.0.0, < 2.0.10
Patched version: 2.0.10
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
I'll work on upgrading it to 2.2.3 which is the latest version as of now. I hope that's all right.
Sounds good!