Code injection

2014-08-2614:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

74.9%

JSON

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.

CPENameOperatorVersion
djangoeq1.7 rc2
djangoeq1.7 beta1
djangoeq1.7 beta3
djangoeq1.7 rc1
djangoeq1.7 beta2
djangoeq1.7 beta4
djangoeq1.6 beta4
djangoeq1.6.5
djangoeq1.6 beta2
djangoeq1.6.3

Name	Operator	Version
django	eq	1.7 rc2
django	eq	1.7 beta1
django	eq	1.7 beta3
django	eq	1.7 rc1
django	eq	1.7 beta2
django	eq	1.7 beta4
django	eq	1.6 beta4
django	eq	1.6.5
django	eq	1.6 beta2
django	eq	1.6.3