openSUSE-SU-2023:0384-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0384-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0384-1
Related
Published
2023-11-30T10:47:42Z
Modified
2023-11-30T10:47:42Z
Summary
Security update for python-django-grappelli
Details

This update for python-django-grappelli fixes the following issues:

Update to 2.14.4:

  • CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks (boo#1216481)
  • Fixed: Redirect with switch user.
  • Improved: Remove extra filtering in AutocompleteLookup.
  • Improved: Added import statement with URLs for quickstart docs.
  • Improved: Added additional blocks with inlines to allow override.
  • Fixed: Compatibility with Django 3.1.
  • Fixed: Docs about adding Grappelli documentation URLS.
References

Affected packages

SUSE:Package Hub 15 SP4 / python-django-grappelli

Package

Name
python-django-grappelli
Purl
pkg:rpm/suse/python-django-grappelli&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.14.4-bp154.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "python3-django-grappelli": "2.14.4-bp154.2.3.1"
        }
    ]
}

openSUSE:Leap 15.4 / python-django-grappelli

Package

Name
python-django-grappelli
Purl
pkg:rpm/opensuse/python-django-grappelli&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.14.4-bp154.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "python3-django-grappelli": "2.14.4-bp154.2.3.1"
        }
    ]
}