Lucene search

K

GoogleOSV:PYSEC-2015-10

HistoryJul 14, 2015 - 5:59 p.m.

PYSEC-2015-10

2015-07-1417:59:00

Google

osv.dev

9

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

CPENameOperatorVersion
djangoeq1.8.1
djangoeq1.4.18
djangoeq1.5.6
djangoeq1.7.3
djangoeq1.5.1
djangoeq1.4.7
djangoeq1.7.4
djangoeq1.0.1
djangoeq1.4.15
djangoeq1.3.7

Rows per page:

1-10 of 831

References

lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html

lists.opensuse.org/opensuse-updates/2015-10/msg00043.html

lists.opensuse.org/opensuse-updates/2015-10/msg00046.html

www.debian.org/security/2015/dsa-3305

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/75665

www.securitytracker.com/id/1032820

www.ubuntu.com/usn/USN-2671-1

security.gentoo.org/glsa/201510-06

www.djangoproject.com/weblog/2015/jul/08/security-releases/

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for OSV:PYSEC-2015-10

ubuntucve1 cvelist1 cve1 prion1 gitlab1 osv3 github1 debiancve1 nessus9 debian2 openvas7 ubuntu1 securityvulns2 mageia1 freebsd1 gentoo1 fedora2 altlinux2