{"affected":[{"ecosystem_specific":{"binaries":[{"python-Django":"1.8.19-3.15.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"python-Django","purl":"pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.19-3.15.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-Django fixes the following issues:\n\n- CVE-2019-14232: Fixed a denial of service in 'django.utils.text.Truncator' (bsc#1142880).\n- CVE-2019-14233: Fixed a denial of service in strip_tags() (bsc#1142882).\n- CVE-2019-14234: Fixed an SQL injection in key and index lookups for 'JSONField'/'HStoreField' (bsc#1142883).\n- CVE-2019-14235: Fixed a potential memory exhaustion in 'django.utils.encoding.uri_to_iri()' (bsc#1142885).\n","id":"SUSE-SU-2019:2180-1","modified":"2019-08-19T14:48:36Z","published":"2019-08-19T14:48:36Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192180-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1142880"},{"type":"REPORT","url":"https://bugzilla.suse.com/1142882"},{"type":"REPORT","url":"https://bugzilla.suse.com/1142883"},{"type":"REPORT","url":"https://bugzilla.suse.com/1142885"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14232"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14233"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14234"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14235"}],"related":["CVE-2019-14232","CVE-2019-14233","CVE-2019-14234","CVE-2019-14235"],"summary":"Security update for python-Django","upstream":["CVE-2019-14232","CVE-2019-14233","CVE-2019-14234","CVE-2019-14235"]}