Django, a widely used Python web framework, has disclosed two security vulnerabilities that could expose applications to SQL injection and denial-of-service (DoS) attacks. The first, CVE-2025-64459, is a high-severity SQL injection flaw in Django's core, specifically in its QuerySet and Q objects. It allows an attacker to inject arbitrary SQL, putting sensitive data and the backend database at risk.
The second, CVE-2025-64458, is a moderate-severity DoS issue affecting Django installations on Windows. Reported by Seokchan Yoon, it stems from inefficient Unicode character processing in HttpResponseRedirect and HttpResponsePermanentRedirect. An attacker could exploit this to consume excessive resources and make the application unresponsive. Developers are urged to update to the latest patched versions to mitigate both issues and keep their web applications in line with security best practice.
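Upgrading is the fix for both CVEs; the helpers below are an added example (not code from Django or from the article) of the input-handling discipline that limits exposure to these classes of bug in the meantime. They assume, which the article does not state, that an application unpacks request parameters into `QuerySet.filter(**kwargs)` or `Q(**kwargs)` and hands a user-supplied "next" value to `HttpResponseRedirect`. The allowlist names, hosts and length cap are constructed for the example, and the code is plain Python so it runs without Django installed.

```python
"""
Added defensive helpers (example code, not from Django or the article).

Assumptions not stated in the article: request parameters are unpacked into
QuerySet.filter(**kwargs) / Q(**kwargs), and a user-supplied "next" value is
passed to HttpResponseRedirect. Plain Python; no Django dependency.
"""
from urllib.parse import urlsplit

# Hypothetical per-view allowlist of ORM lookups a client may request.
ALLOWED_LOOKUPS = {"title__icontains", "status", "created__gte"}

# Constructed cap on redirect-target length; size it to what the app needs.
MAX_REDIRECT_LENGTH = 2048


def safe_filter_kwargs(params, allowed=ALLOWED_LOOKUPS):
    """Return only the keys that name an allowlisted lookup.

    Keys beginning with an underscore are rejected unconditionally: Django
    treats such names in filter()/Q() as internal options rather than field
    lookups, so they must never be reachable from a request.
    """
    cleaned = {}
    for key, value in params.items():
        if key.startswith("_"):
            raise ValueError(f"rejected private keyword argument: {key!r}")
        if key not in allowed:
            raise ValueError(f"rejected unknown lookup: {key!r}")
        cleaned[key] = value
    return cleaned


def safe_redirect_target(candidate, allowed_hosts, fallback="/"):
    """Return a same-site, length-bounded redirect target or the fallback.

    The length check runs first so that no normalisation or encoding work is
    done on an oversized, attacker-controlled string.
    """
    if not isinstance(candidate, str) or not candidate:
        return fallback
    if len(candidate) > MAX_REDIRECT_LENGTH:
        return fallback
    # Browsers accept backslashes where slashes are expected, so evaluate the
    # slash-normalised form as well as the literal one.
    for variant in (candidate, candidate.replace("\\", "/")):
        if variant.startswith("///"):
            return fallback
        parts = urlsplit(variant)
        if parts.scheme and parts.scheme.lower() not in ("http", "https"):
            return fallback
        if parts.netloc and parts.netloc.lower() not in allowed_hosts:
            return fallback
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs.
    print(safe_filter_kwargs({"status": "open", "created__gte": "2025-01-01"}))
    print(safe_redirect_target("/account/", {"app.example"}))
    print(safe_redirect_target("//evil.example/", {"app.example"}))
```

In a Django view the cleaned dictionary is what gets unpacked into `filter()`, and the returned target is what gets passed to `HttpResponseRedirect`; anything the helpers reject never reaches the ORM or the response class.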
👉 Read the original: Cyber Security News