8 matches found
Django Debug Page - Cross-Site Scripting
Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...
Ubuntu: Security Advisory (USN-3559-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : python3-Django (openSUSE-2018-318)
This update for python3-Django to version 1.18.18 fixes multiple issues. Security issues fixed : - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters bsc1083304. -...
OPENSUSE-SU-2018:0632-1 Security update for python-Django
This update for python-Django fixes the following issues: Update to version 1.11.10 LTS Fixes CVE-2018-6188 boo1077714, CVE-2017-7234, CVE-2017-7233, CVE-2017-12794...
Ubuntu 17.10 : python-django vulnerabilities (USN-3559-1)
It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. CVE-2017-12794, CVE-2018-6188. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...
USN-3559-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain requests. An attacker could possibly use this to access sensitive information. CVE-2017-12794, CVE-2018-6188...
Fedora 26 : python-django (2017-8614a6e905)
fix CVE-2017-12794 rhbz1488764 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
CVE-2017-12794
CVE-2017-12794 affects Django 1.10.x before 1.10.8 and Django 1.11.x before 1.11.5. The issue: HTML autoescaping is disabled in a portion of the technical 500 debug page, which under the right conditions (eg, DEBUG=True) enables a cross-site scripting attack. Impact as described: an attacker coul...