FEDORA-2026-00b5bf3150 | Mondoo Vulnerability Intelligence
UNKNOWN
python-django5-5.2.11-1.fc42
Published Feb 19, 2026
Modified 5 days ago
Fix available
Details
Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation
Fixed a bug in Django 5.2 where data exceeding max_length was silently truncated by QuerySet.bulk_create() on PostgreSQL
Fixed a bug where management command colorized help (introduced in Python 3.14) ignored the --no-color option and the DJANGO_COLORS setting
Affected Packages
python-django5 (Fedora 42): fixed in 5.2.11-1.fc42
python3-django (Fedora 42): fixed in 5.2.11-1.fc42
python3-django-bash-completion (Fedora 42): fixed in 5.2.11-1.fc42
python3-django-doc (Fedora 42): fixed in 5.2.11-1.fc42
References
REPORT: https://bugzilla.redhat.com/show_bug.cgi?id=2427483
REPORT: https://bugzilla.redhat.com/show_bug.cgi?id=2436695
REPORT: https://bugzilla.redhat.com/show_bug.cgi?id=2436699
REPORT: https://bugzilla.redhat.com/show_bug.cgi?id=2436709
REPORT: https://bugzilla.redhat.com/show_bug.cgi?id=2436714
REPORT: https://bugzilla.redhat.com/show_bug.cgi?id=2436716
Related
CVE-2025-13473
CVE-2025-14550
CVE-2026-1207
CVE-2026-1285
CVE-2026-1287
CVE-2026-1312
Ecosystems
Fedora 42
Timeline
Published: Feb 19, 2026
Modified: Feb 28, 2026