Fedora 44 : python-django-haystack (2026-3e10194134)

high Nessus Plugin ID 323997

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e10194134 advisory.

Fixes GHSA-r3hx-x5rh-p9vv: via `eval()` in Elasticsearch Result Deserialization

https://github.com/django-haystack/django-haystack/security/advisories/GHSA-r3hx-x5rh-p9vv

## What's Changed https://github.com/django-haystack/django-haystack/releases/tag/v3.4.0

* Remove obsolete ElasticSearch2 support and tests by @claudep in https://github.com/django-haystack/django-haystack/pull/1978
* Add Django v5.1 to the testing by @cclauss in https://github.com/django-haystack/django-haystack/pull/1991
* GitHub Actions: Add Python 3.13 to the testing by @cclauss in https://github.com/django-haystack/django-haystack/pull/1997
* Fix typo. by @andresmrm in https://github.com/django-haystack/django-haystack/pull/1998
* Fix RelatedSearchQueryset.load_all() truncating results by @craigds in https://github.com/django-haystack/django-haystack/pull/2012
* [FIXED] -- handle trailing slash in Solr index URL for core reload. by @DhavalGojiya in https://github.com/django-haystack/django-haystack/pull/1968
* Bump the github-actions group with 2 updates by @dependabot[bot] in https://github.com/django-haystack/django-haystack/pull/2018
* Update license field to use proper SPDX identifier by @leifdreizler in https://github.com/django-haystack/django-haystack/pull/2016
* dev: Update Python dependencies by @kingbuzzman in https://github.com/django-haystack/django-haystack/pull/2019
* dev: Update django by @kingbuzzman in https://github.com/django-haystack/django-haystack/pull/2020
* fix: handle HEAD requests like GET in generic_views by @janheini in https://github.com/django-haystack/django-haystack/pull/2015
* feat: Add requires-python to pyproject.toml (PEP 621) by @DhavalGojiya in https://github.com/django-haystack/django-haystack/pull/2039
* Add Python 3.14 and 3.14t to the testing by @cclauss in https://github.com/django-haystack/django-haystack/pull/2031
* Fix race condition in ConnectionRouter.routers lazy initialization by @craigds in https://github.com/django-haystack/django-haystack/pull/2048
* add postgres backend to backend_support.rst by @fgregg in https://github.com/django-haystack/django-haystack/pull/2044
* Actions: limit permissions for tests by @acdha in https://github.com/django-haystack/django-haystack/pull/2053
* GitHub Actions: zizmor fixes by @acdha in https://github.com/django-haystack/django-haystack/pull/2055


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-django-haystack package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2026-3e10194134

Plugin Details

Severity: High

ID: 323997

File Name: fedora_2026-3e10194134.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 7/1/2026

Updated: 7/1/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:44, p-cpe:/a:fedoraproject:fedora:python-django-haystack

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/22/2026

Vulnerability Publication Date: 6/22/2026

Reference Information