Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0104
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0104)
Zusammenfassung:	The remote host is missing an update for the 'python-asgiref, python-django' package(s) announced via the MGASA-2022-0104 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python-asgiref, python-django' package(s) announced via the MGASA-2022-0104 advisory. Vulnerability Insight: The {% debug %} template tag didn't properly encode the current context posing an XSS attack vector (CVE-2022-22818). Passing certain inputs to multipart forms could result in an infinite loop when parsing files resulting in a denial of service (CVE-2022-23833). The python-django update necessitated a version update to python-asgiref as well. Affected Software/OS: 'python-asgiref, python-django' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-22818 Debian Security Information: DSA-5254 (Google Search) https://www.debian.org/security/2022/dsa-5254 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ https://docs.djangoproject.com/en/4.0/releases/security/ https://groups.google.com/forum/#!forum/django-announce Common Vulnerability Exposure (CVE) ID: CVE-2022-23833 https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.