PYSEC-2015-10

🗓️ 14 Jul 2015 17:59:00Reported by Python Packaging AdvisoryType

pypa🔗 github.com👁 6 Views

Django validators EmailValidator, web address validator, IPv4 address, and slug validators are vulnerable to header injection due to a regex flaw.

Reporter	Title	Published	Views	Family All 55
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 1.8.5-alt1	13 Oct 201500:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package python3-module-django version 1.8.5-alt1	13 Oct 201500:00	–	altlinux
FreeBSD	django -- multiple vulnerabilities	10 Jun 201500:00	–	freebsd
BDU FSTEC	The vulnerability of the Django web application software platform allows a hacker to trigger a service failure.	13 Oct 201500:00	–	bdu_fstec
CNVD	Django Header Injection Vulnerability	14 Jul 201500:00	–	cnvd
CVE	CVE-2015-5144	14 Jul 201517:00	–	cve
Cvelist	CVE-2015-5144	14 Jul 201517:00	–	cvelist
Debian	[SECURITY] [DLA 272-1] python-django security update	16 Jul 201513:46	–	debian
Debian	[SECURITY] [DSA 3305-1] python-django security update	8 Jul 201522:14	–	debian
Debian CVE	CVE-2015-5144	14 Jul 201517:00	–	debiancve

Vulners

Node

pypi djangoRange1.8–1.8.3

Source	Link
ubuntu	www.ubuntu.com/usn/USN-2671-1
debian	www.debian.org/security/2015/dsa-3305
djangoproject	www.djangoproject.com/weblog/2015/jul/08/security-releases/
oracle	www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
securityfocus	www.securityfocus.com/bid/75665
security	www.security.gentoo.org/glsa/201510-06
lists	www.lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html
lists	www.lists.opensuse.org/opensuse-updates/2015-10/msg00046.html
lists	www.lists.opensuse.org/opensuse-updates/2015-10/msg00043.html
securitytracker	www.securitytracker.com/id/1032820

05 Jul 2021 00:01Current

7.1High risk

Vulners AI Score7.1

CVSS 24.3

EPSS0.01493