VUL-0: CVE-2024-36039: python-PyMySQL: SQL injection if used with untrusted JSON input VUL-0: CVE-2024-28397: python-Js2Py: an issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. VUL-0: CVE-2024-38875: python-Django: potential denial-of-service through django.utils.html.urlize() VUL-0: CVE-2024-39329: python-Django: username enumeration through timing difference for users with unusable passwords VUL-0: CVE-2024-39330: python-Django: potential directory traversal in django.core.files.storage.Storage.save() VUL-0: CVE-2024-39614: python-Django: potential denial-of-service through django.utils.translation.get_supported_language_variant() nkrapp critical security

Security update for python-PyMySQL, python-Js2Py, python-Django

This update for python-PyMySQL, python-Js2Py, python-Django fixes the following issues: python-Django: - CVE-2024-38875: Potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590) - CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords (bsc#1227593) - CVE-2024-39330: Potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594) - CVE-2024-39614: Potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595) python-Js2Py: - CVE-2024-28397 (bsc#1226660, gh#PiotrDabkowski/Js2Py#323) python-PyMySQL: - CVE-2024-36039 (bsc#1225070, gh#PyMySQL/PyMySQL@521e40050cb3) python-Django python-Js2Py python-PyMySQL