{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"python-django security update", "category":"general", "title":"Synopsis" }, { "text":"An update for python-django is now available for openEuler-22.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"A high-level Python Web framework that encourages rapid development and clean, pragmatic design.\n\nSecurity Fix(es):\n\nA vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1 (Content Management System).CWE is classifying the issue as CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs.This is going to have an impact on integrity.Upgrading to version 4.2.22, 5.1.10 or 5.2.2 eliminates this vulnerability.(CVE-2025-48432)", "category":"general", "title":"Description" }, { "text":"An update for python-django is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"python-django", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1618", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1618" }, { "summary":"CVE-2025-48432", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48432&packageName=python-django" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48432" }, { "summary":"openEuler-SA-2025-1618 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1618.json" } ], "title":"An update for python-django is now available for openEuler-22.03-LTS-SP3", "tracking":{ "initial_release_date":"2025-06-13T22:20:23+08:00", "revision_history":[ { "date":"2025-06-13T22:20:23+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-06-13T22:20:23+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-06-13T22:20:23+08:00", "id":"openEuler-SA-2025-1618", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"openEuler-22.03-LTS-SP3", "name":"openEuler-22.03-LTS-SP3" }, "name":"openEuler-22.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python-django-4.2.15-7.oe2203sp3.src.rpm", "name":"python-django-4.2.15-7.oe2203sp3.src.rpm" }, "name":"python-django-4.2.15-7.oe2203sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python-django-help-4.2.15-7.oe2203sp3.noarch.rpm", "name":"python-django-help-4.2.15-7.oe2203sp3.noarch.rpm" }, "name":"python-django-help-4.2.15-7.oe2203sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3" }, "product_id":"python3-Django-4.2.15-7.oe2203sp3.noarch.rpm", "name":"python3-Django-4.2.15-7.oe2203sp3.noarch.rpm" }, "name":"python3-Django-4.2.15-7.oe2203sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python-django-4.2.15-7.oe2203sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python-django-4.2.15-7.oe2203sp3.src", "name":"python-django-4.2.15-7.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python-django-help-4.2.15-7.oe2203sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python-django-help-4.2.15-7.oe2203sp3.noarch", "name":"python-django-help-4.2.15-7.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP3", "product_reference":"python3-Django-4.2.15-7.oe2203sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP3:python3-Django-4.2.15-7.oe2203sp3.noarch", "name":"python3-Django-4.2.15-7.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-48432", "notes":[ { "text":"A vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1 (Content Management System).CWE is classifying the issue as CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs.This is going to have an impact on integrity.Upgrading to version 4.2.22, 5.1.10 or 5.2.2 eliminates this vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP3:python-django-4.2.15-7.oe2203sp3.src", "openEuler-22.03-LTS-SP3:python-django-help-4.2.15-7.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:python3-Django-4.2.15-7.oe2203sp3.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP3:python-django-4.2.15-7.oe2203sp3.src", "openEuler-22.03-LTS-SP3:python-django-help-4.2.15-7.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:python3-Django-4.2.15-7.oe2203sp3.noarch" ], "details":"python-django security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1618" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.4, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP3:python-django-4.2.15-7.oe2203sp3.src", "openEuler-22.03-LTS-SP3:python-django-help-4.2.15-7.oe2203sp3.noarch", "openEuler-22.03-LTS-SP3:python3-Django-4.2.15-7.oe2203sp3.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-48432" } ] }