CVSS2: 5 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.007 (Low)
Percentile: 78.2%

Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don’t Repeat Yourself) principle.

An information-exposure flaw was found in the Django date filter. If an
application allowed users to provide non-validated date formats, a
malicious end user could expose application-settings data by providing
the relevant application-settings key instead of a valid date format.
(CVE-2015-8213)

Red Hat would like to thank the Django project for reporting this issue.
Upstream acknowledges Ryan Butterfield as the original reporter.

All python-django users are advised to upgrade to these updated packages,
which contain backported patches to correct this issue.
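
The lookup pattern behind the date-filter flaw described above, as an added example (a simplified model, not Django's source code and not part of the advisory). The `settings` object, its values and every function name here are constructed for illustration; it contrasts resolving any settings attribute name as a format with an allowlist, plus application-side validation of the user's choice.

```python
from types import SimpleNamespace

# Constructed stand-in for a project's settings module (values are made up).
settings = SimpleNamespace(
    DATE_FORMAT="N j, Y",
    SHORT_DATE_FORMAT="m/d/Y",
    SECRET_KEY="constructed-not-a-real-key",
)

# The only setting names that are legitimate *format* names in this model.
ALLOWED_FORMAT_NAMES = frozenset({"DATE_FORMAT", "SHORT_DATE_FORMAT"})

# Fixed choices the application offers to end users (hypothetical).
USER_FORMAT_CHOICES = {"iso": "Y-m-d", "us": "m/d/Y", "long": "N j, Y"}


def resolve_format_unsafe(fmt):
    """Flawed pattern: any settings attribute name is accepted as a format
    name, so a non-format key resolves to that setting's value."""
    return getattr(settings, fmt, fmt)


def resolve_format_safe(fmt):
    """Hardened pattern: only allowlisted names are looked up in settings;
    everything else is treated as a literal format string."""
    if fmt in ALLOWED_FORMAT_NAMES:
        return getattr(settings, fmt)
    return fmt


def user_format(choice):
    """Application-side validation: map the user's choice to a fixed format
    string instead of passing user input to the date filter."""
    try:
        return USER_FORMAT_CHOICES[choice]
    except KeyError:
        raise ValueError("unsupported date format choice") from None


if __name__ == "__main__":
    for name in ("DATE_FORMAT", "SECRET_KEY"):
        print(name, "->", repr(resolve_format_unsafe(name)),
              "vs", repr(resolve_format_safe(name)))
```
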
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python-django-doc | < 1.8.7-1.el7 | python-django-doc-1.8.7-1.el7.noarch.rpm |
RedHat | 7 | noarch | python-django-bash-completion | < 1.8.7-1.el7 | python-django-bash-completion-1.8.7-1.el7.noarch.rpm |
RedHat | 7 | noarch | python-django | < 1.8.7-1.el7 | python-django-1.8.7-1.el7.noarch.rpm |
RedHat | 7 | src | python-django | < 1.8.7-1.el7 | python-django-1.8.7-1.el7.src.rpm |