SUSE-SU-2025:03446-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202503446-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03446-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:03446-1
- Upstream
- Related
- Published
- 2025-10-02T07:13:00Z
- Modified
- 2025-10-02T16:32:12.140788Z
- Summary
- Security update for python-Django
- Details
-
This update for python-Django fixes the following issues:
- CVE-2025-59681: SQL injection via the
QuerySetannotate(),alias(),aggregate(), orextra()` methods when processing a specially crafted dictionary with dictionary expansion (bsc#1250485). - CVE-2025-59682: directory traversal via the
django.utils.archive.extract()function when processing an archive with file paths that share a common prefix with the target directory (bsc#1250487).
- CVE-2025-59681: SQL injection via the
- References