
7 matches found

Tenable Nessus
added 2015/04/02 12:0 a.m. · 34 views

openSUSE Security Update : python-Django (openSUSE-2015-281)

python-django was updated to 1.6.11 to fix security issues and non-security bugs. The following vulnerabilities were fixed: - Made is_safe_url reject URLs that start with control characters to mitigate possible XSS attack via user-supplied redirect URLs (bnc923176, CVE-2015-2317) - Fixed an infinite...

5 CVSS · 5.2 AI score · 0.06783 EPSS
Exploits 2 · References 10
Tenable Nessus
added 2015/03/26 12:0 a.m. · 43 views

Debian DLA-143-1 : python-django security update

Multiple security issues have been found in Django: https://www.djangoproject.com/weblog/2015/jan/13/security/ For Debian 6 Squeeze, they have been fixed in version 1.2.3-3+squeeze12 of python-django. Here is what the upstream developers have to say about those issues: CVE-2015-0219 - WSGI head...

5 CVSS · 5.5 AI score · 0.06783 EPSS
Exploits 3 · References 6
Debian
added 2015/01/29 11:15 a.m. · 37 views

[SECURITY] [DLA 143-1] python-django security update

Package: python-django
Version: 1.2.3-3+squeeze12
CVE ID: CVE-2015-0219 CVE-2015-0220 CVE-2015-0221

Multiple security issues have been found in Django: https://www.djangoproject.com/weblog/2015/jan/13/security/ For Debian 6 Squeeze, they have been fixed in version 1.2.3-3+squeeze12 of...

5 CVSS · 5.7 AI score · 0.06783 EPSS
Exploits 3
OSV
added 2015/01/29 12:0 a.m. · 30 views

DLA-143-1 python-django - security update

Bulletin has no description...

5 CVSS · 6 AI score · 0.06783 EPSS
Exploits 3
OSV
added 2015/01/17 10:31 p.m. · 10 views

MGASA-2015-0026 Updated python-django and python-django14 packages fix security vulnerabilities

Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker...

5 CVSS · 6.6 AI score · 0.06783 EPSS
Exploits 3 · References 4
OSV
added 2015/01/16 4:59 p.m. · 32 views

PYSEC-2015-4

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - (dash) character in an HTTP header, as demonstrated by an X-AuthUser header...

5 CVSS · 3.7 AI score · 0.06783 EPSS
Exploits 1 · References 14
Positive Technologies
added 2015/01/13 12:0 a.m. · 6 views

PT-2015-4526 · Django +1 · Django +1

Name of the Vulnerable Software and Affected Versions:
Django versions 1.4.17 and earlier
Django versions 1.6.x before 1.6.10
Django versions 1.7.x before 1.7.3

Description: The issue allows remote attackers to spoof WSGI headers by using an underscore character instead of a - (dash) character in a...

6.9 CVSS · 6.8 AI score · 0.06783 EPSS
Exploits 3 · References 66