An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2577-1 advisory.

    - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of     brackets (bsc#1227590)
    - CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords     (bsc#1227593)
    - CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save()     (bsc#1227594)
    - CVE-2024-39614: Fixed potential denial-of-service through     django.utils.translation.get_supported_language_variant() (bsc#1227595)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2545-1 advisory.

    - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of     brackets (bsc#1227590)
    - CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords     (bsc#1227593)
    - CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save()     (bsc#1227594)
    - CVE-2024-39614: Fixed potential denial-of-service through     django.utils.translation.get_supported_language_variant() (bsc#1227595)
    - CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (bsc#1207565)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6888-2 advisory.

    USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for     Ubuntu 18.04 LTS.

    Original advisory details:

    Elias Myllymki discovered that Django incorrectly handled certain inputs

    with a large number of brackets. A remote attacker could possibly use this

    issue to cause Django to consume resources or stop responding, resulting in

    a denial of service. (CVE-2024-38875)

    It was discovered that Django incorrectly handled authenticating users with

    unusable passwords. A remote attacker could possibly use this issue to

    perform a timing attack and enumerate users. (CVE-2024-39329)

    Josh Schneier discovered that Django incorrectly handled file path

    validation when the storage class is being derived. A remote attacker could

    possibly use this issue to save files into arbitrary directories.

    (CVE-2024-39330)

    It was discovered that Django incorrectly handled certain long strings that

    included a specific set of characters. A remote attacker could possibly use

    this issue to cause Django to consume resources or stop responding,

    resulting in a denial of service. (CVE-2024-39614)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 171afa61-3eba-11ef-a58f-080027836e8b advisory.

    Django reports:
    CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize().
    CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords.
    CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save().
    CVE-2024-39614: Potential denial-of-service in django.utils.translation.get_supported_language_variant().

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6888-1 advisory.

    Elias Myllymki discovered that Django incorrectly handled certain inputs with a large number of     brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop     responding, resulting in a denial of service. (CVE-2024-38875)

    It was discovered that Django incorrectly handled authenticating users with unusable passwords. A remote     attacker could possibly use this issue to perform a timing attack and enumerate users. (CVE-2024-39329)

    Josh Schneier discovered that Django incorrectly handled file path validation when the storage class is     being derived. A remote attacker could possibly use this issue to save files into arbitrary directories.
    (CVE-2024-39330)

    It was discovered that Django incorrectly handled certain long strings that included a specific set of     characters. A remote attacker could possibly use this issue to cause Django to consume resources or stop     responding, resulting in a denial of service. (CVE-2024-39614)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
203002	SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2024:2577-1)	Nessus	SuSE Local Security Checks	medium
202588	openSUSE 15 Security Update : python-Django (SUSE-SU-2024:2545-1)	Nessus	SuSE Local Security Checks	high
202186	Ubuntu 18.04 LTS : Django vulnerabilities (USN-6888-2)	Nessus	Ubuntu Local Security Checks	medium
202142	FreeBSD : Django -- multiple vulnerabilities (171afa61-3eba-11ef-a58f-080027836e8b)	Nessus	FreeBSD Local Security Checks	high
202084	Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Django vulnerabilities (USN-6888-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2024-39330

high

Tenable Plugins

medium

high

medium

high

high