OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Incorrect vulnerability details - Django v4.1.x is not vulnerable to CVE-2022-34265 #332

Open rylyade1 opened 1 year ago

rylyade1 commented 1 year ago

Vulnerability URL: https://ossindex.sonatype.org/vulnerability/CVE-2022-34265

Component URL:
https://ossindex.sonatype.org/component/pkg:pypi/django@4.1.2
https://ossindex.sonatype.org/component/pkg:pypi/django@4.1.1
https://ossindex.sonatype.org/component/pkg:pypi/django@4.1

Description: The CVE-2022-34265 vulnerability does not affect Django version 4.1.x. This vulnerability is patched in version 4.0.6.

ken-duck commented 1 year ago

From https://ossindex.sonatype.org/vulnerability/CVE-2022-34265 (when signed in)

The Sonatype Security Research team discovered that this vulnerability also exists in versions 1.x, 2.x and 4.1.x, and therefore does not only affect versions 4.0.x before 4.0.6 and 3.2.x before 3.2.14 as stated in the advisory.

The researchers dig into the source code for many of our vulnerabilities and often find that NVD does not fully represent the true impact of issues.

Thank you for your report. We are migrating to a new email-based reporting system in order to better mesh with our internal processes, which will allow us to be more reactive to our users.

If you notice further issues or would like to follow up on this one, please email ossindex@sonatype.org
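The disagreement in this thread is entirely about version ranges: the advisory names 4.0.x before 4.0.6 and 3.2.x before 3.2.14, while the OSS Index entry adds 1.x, 2.x and 4.1.x. The script below is an added example, not code from OSS Index, Sonatype or Django; it evaluates PEP 440-style specifiers against the Django versions named above so the two range sets can be compared mechanically. The specifier strings are transcribed from the issue text (assumed, not fetched from NVD or OSS Index), the function names are hypothetical, and only the release segment of a version is handled (no pre-release or dev tags), which covers every version mentioned on the page.

```python
"""Added example: compare the advisory's affected ranges for CVE-2022-34265
with the broadened OSS Index claim, for the Django versions named in the issue.
Stdlib only; nothing is fetched from NVD or OSS Index."""
import operator
import re

# One clause: an operator followed by a release version, optionally ending in ".*"
_CLAUSE_RE = re.compile(r"^(>=|<=|==|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*(?:\.\*)?)$")
_OPS = {
    ">": operator.gt, ">=": operator.ge,
    "<": operator.lt, "<=": operator.le,
    "==": operator.eq, "!=": operator.ne,
}


def release_tuple(version: str, width: int = 3) -> tuple[int, ...]:
    """'4.1' -> (4, 1, 0): pad so that '4.1' and '4.1.0' compare equal.
    Scanner false positives often start with exactly this normalisation."""
    nums = tuple(int(p) for p in version.split("."))
    if len(nums) > width:
        raise ValueError(f"version {version!r} has more than {width} components")
    return nums + (0,) * (width - len(nums))


def matches(version: str, specifier: str) -> bool:
    """True if `version` satisfies every comma-separated clause in `specifier`.
    Supports >, >=, <, <=, ==, != and the ==X.Y.* / !=X.Y.* wildcard forms."""
    v = release_tuple(version)
    for clause in specifier.split(","):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported clause {clause!r}")
        op, target = m.groups()
        if target.endswith(".*"):
            if op not in ("==", "!="):
                raise ValueError("wildcard is only valid with == or !=")
            prefix = tuple(int(p) for p in target[:-2].split("."))
            hit = v[: len(prefix)] == prefix
            if op == "!=":
                hit = not hit
        else:
            hit = _OPS[op](v, release_tuple(target))
        if not hit:
            return False
    return True


# Ranges transcribed from the text of this issue (assumed, not fetched):
# advisory: "4.0.x before 4.0.6 and 3.2.x before 3.2.14"
ADVISORY_RANGES = [">=4.0,<4.0.6", ">=3.2,<3.2.14"]
# OSS Index entry: "also exists in versions 1.x, 2.x and 4.1.x"
OSSINDEX_EXTRA = ["==1.*", "==2.*", "==4.1.*"]


def affected(version: str, ranges: list[str]) -> bool:
    """A version is affected if it satisfies any one specifier in `ranges`."""
    return any(matches(version, r) for r in ranges)


def compare(version: str) -> tuple[bool, bool]:
    """Return (affected per advisory, affected per OSS Index) for one version."""
    per_advisory = affected(version, ADVISORY_RANGES)
    per_ossindex = per_advisory or affected(version, OSSINDEX_EXTRA)
    return per_advisory, per_ossindex


if __name__ == "__main__":
    # The three component URLs from the report, plus boundary versions.
    for ver in ("4.1", "4.1.1", "4.1.2", "4.0.5", "4.0.6", "3.2.13", "3.2.14", "2.2.28"):
        adv, oss = compare(ver)
        print(f"django@{ver:<7} advisory: {adv!s:<5} ossindex: {oss}")
```

Running it prints the three 4.1.x component versions as not affected per the advisory and affected per the OSS Index entry, which is exactly the discrepancy the report is about; the same `matches` helper can be pointed at any other advisory's ranges before filing a correction.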