Lucene search

Directory traversal in Django

🗓️ 23 Jul 2018 00:00:00Reported by https://gitlab.com/gitlab-org/security-products/gemnasium-dbType

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replay

Reporter	Title	Published	Views	Family All 12
CVE	CVE-2011-0698	14 Feb 201121:00	–	cve
Github Security Blog	Directory traversal in Django	23 Jul 201819:52	–	github
Prion	Directory traversal	14 Feb 201121:00	–	prion
Cvelist	CVE-2011-0698	14 Feb 201120:00	–	cvelist
OSV	High severity vulnerability that affects django	23 Jul 201819:52	–	osv
OSV	PYSEC-2011-12	14 Feb 201121:00	–	osv
UbuntuCve	CVE-2011-0698	14 Feb 201100:00	–	ubuntucve
NVD	CVE-2011-0698	14 Feb 201121:00	–	nvd
Debian CVE	CVE-2011-0698	14 Feb 201121:00	–	debiancve
OpenVAS	Mandriva Update for python-django MDVSA-2011:031 (python-django)	22 Feb 201100:00	–	openvas

Vulners

Node

pypi djangoRange1.1≥

pypi djangoRange<1.1.4

pypi djangoRange1.2≥

pypi djangoRange<1.2.5

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2011-0698
github	www.github.com/advisories/GHSA-7g9h-c88w-r7h2
github	www.github.com/django/django/commit/194566480b15cf4e294d3f03ff587019b74044b2
github	www.github.com/django/django/commit/570a32a047ea56265646217264b0d3dab1a14dbd
github	www.github.com/django/django
github	www.github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-12.yaml
web	www.web.archive.org/web/20110521033259/http://secunia.com/advisories/43230
web	www.web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Jul 2018 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS27.5

EPSS0.01802