PYSEC-2016-15

🗓️ 08 Apr 2016 15:59:00Reported by Python Packaging AdvisoryType

pypa🔗 github.com👁 4 Views

Django before 1.8.10 and 1.9.x before 1.9.3 allow remote redirects via a basic authentication URL, enabling phishing or cross-site scripting.

Reporter	Title	Published	Views	Family All 68
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 1.8.15-alt1	24 Oct 201600:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package python3-module-django version 1.8.15-alt1	24 Oct 201600:00	–	altlinux
CNVD	Django 'django.utils.http.is_safe_url()' security bypass vulnerability	4 Mar 201600:00	–	cnvd
CVE	CVE-2016-2512	8 Apr 201615:00	–	cve
Cvelist	CVE-2016-2512	8 Apr 201615:00	–	cvelist
Debian	[SECURITY] [DSA 3544-1] python-django security update	7 Apr 201616:33	–	debian
Debian	[SECURITY] [DSA 3544-1] python-django security update	7 Apr 201616:33	–	debian
Debian CVE	CVE-2016-2512	8 Apr 201615:00	–	debiancve
Tenable Nessus	Debian DSA-3544-1 : python-django - security update	8 Apr 201600:00	–	nessus
Tenable Nessus	Fedora 23 : python-django-1.8.11-1.fc23 (2016-11183ea08d)	18 Mar 201600:00	–	nessus

Vulners

Node

Source	Link
github	www.github.com/django/django/commit/c5544d289233f501917e25970c03ed444abbd4f0
djangoproject	www.djangoproject.com/weblog/2016/mar/01/security-releases/
rhn	www.rhn.redhat.com/errata/RHSA-2016-0504.html
oracle	www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
securityfocus	www.securityfocus.com/bid/83879
ubuntu	www.ubuntu.com/usn/USN-2915-2
ubuntu	www.ubuntu.com/usn/USN-2915-3
debian	www.debian.org/security/2016/dsa-3544
rhn	www.rhn.redhat.com/errata/RHSA-2016-0502.html
rhn	www.rhn.redhat.com/errata/RHSA-2016-0505.html

15 Jul 2021 02:22Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 37.4

EPSS0.01203