django-security
Safeguard articles tagged "django-security" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Securing Django applications from common vulnerabilities
Django's secure-by-default reputation hides real gaps: SQL injection via Trunc()/Extract(), ReDoS in Truncator, and misconfigured DEBUG settings still cause incidents.
Django SECRET_KEY exposure and settings.py secret managem...
A Django SECRET_KEY exposure can silently unravel session security, CSRF protection, and signed tokens. Here's how to find, fix, and prevent it for good.
Django QuerySet.explain SQL injection (CVE-2022-28346)
A Django ORM flaw let unvalidated input reach EXPLAIN and annotate() SQL generation. Here's the CVE-2022-28347 impact, fix, and defense playbook.
CVE-2021-33203: Path traversal via Django admindocs
CVE-2021-33203 let authenticated Django staff users traverse outside admindocs' template directory. Here's what's affected, real severity context, and how to remediate.
CVE-2018-6188: User enumeration in Django password reset
A timing difference in Django password resets let attackers confirm valid emails via response latency. CVE-2018-6188 impact, fix versions, and remediation.