Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2018/03/27 12:0 a.m.70 views

openSUSE Security Update : python3-Django (openSUSE-2018-318)

This update for python3-Django to version 1.18.18 fixes multiple issues. Security issues fixed : - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters bsc1083304. -...

9.8CVSS6.1AI score0.23566EPSS
Exploits9References22
OSV
OSV
added 2018/03/07 1:14 p.m.7 views

OPENSUSE-SU-2018:0632-1 Security update for python-Django

This update for python-Django fixes the following issues: Update to version 1.11.10 LTS Fixes CVE-2018-6188 boo1077714, CVE-2017-7234, CVE-2017-7233, CVE-2017-12794...

7.5CVSS6.8AI score0.23566EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2017/04/27 12:0 a.m.109 views

Debian DSA-3835-1 : python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-9013 Marti Raudsepp reported that a user with a hard-coded password is created when running tests with ...

9.8CVSS6.3AI score0.06074EPSS
Exploits2References13
Debian
Debian
added 2017/04/26 8:5 p.m.30 views

[SECURITY] [DSA 3835-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3835-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 26, 2017 https://www.debian.org/security/faq -...

7.5CVSS0.2AI score0.06074EPSS
Exploits2
OSV
OSV
added 2017/04/14 7:40 p.m.6 views

MGASA-2017-0106 Updated python-django packages fix security vulnerability

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...

6.1CVSS6.2AI score0.02384EPSS
Exploits2References4
Mageia
Mageia
added 2017/04/14 7:40 p.m.35 views

Updated python-django packages fix security vulnerability

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...

6.1CVSS1.4AI score0.02384EPSS
Exploits2References3
seebug.org
seebug.org
added 2017/04/13 12:0 a.m.130 views

Django.views.static.serve url跳转漏洞(CVE-2017-7234)

来源:同程安全应急响应中心 作者:Nearg1e@YSRC 来自 @Phithon 的一个漏洞。 问题出现在:django.views.static.serve函数上。该函数可以用来指定web站点的静态文件目录。如: python urlpatterns = urlr'^admin/', admin.site.urls, urlr'^staticp/?P.$', serve, 'documentroot': os.path.joinsettings.BASEDIR, 'staticpath'...

5.8CVSS6.8AI score0.0183EPSS
Exploits1
ALT Linux
ALT Linux
added 2017/04/12 12:0 a.m.45 views

Security fix for the ALT Linux 10 package python3-module-django version 1.8.18-alt1

April 12, 2017 Alexey Shabalin 1.8.18-alt1 - 1.8.18 - fixed CVE-2017-7233,CVE-2017-7234...

5.8CVSS6.7AI score0.02384EPSS
Exploits2
ALT Linux
ALT Linux
added 2017/04/12 12:0 a.m.26 views

Security fix for the ALT Linux 9 package python3-module-django version 1.8.18-alt1

April 12, 2017 Alexey Shabalin 1.8.18-alt1 - 1.8.18 - fixed CVE-2017-7233,CVE-2017-7234...

5.8CVSS6.7AI score0.02384EPSS
Exploits2
OpenVAS
OpenVAS
added 2017/04/07 12:0 a.m.42 views

Django Open Redirection Vulnerability

Django is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.1CVSS6.5AI score0.0183EPSS
Exploits1References3
ArchLinux
ArchLinux
added 2017/04/06 12:0 a.m.28 views

[ASA-201704-2] python-django: multiple issues

Arch Linux Security Advisory ASA-201704-2 ========================================= Severity: Medium Date : 2017-04-06 CVE-ID : CVE-2017-7233 CVE-2017-7234 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-233 Summary ======= The package...

6.1CVSS0.2AI score0.02384EPSS
Exploits2References4
ArchLinux
ArchLinux
added 2017/04/06 12:0 a.m.33 views

[ASA-201704-1] python2-django: multiple issues

Arch Linux Security Advisory ASA-201704-1 ========================================= Severity: Medium Date : 2017-04-06 CVE-ID : CVE-2017-7233 CVE-2017-7234 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-233 Summary ======= The package...

6.1CVSS0.2AI score0.02384EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2017/04/05 1:18 p.m.24 views

CVE-2017-7234

A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...

6.1CVSS2.3AI score0.0183EPSS
Exploits1References1
Debian
Debian
added 2017/04/05 9:7 a.m.33 views

[SECURITY] [DLA 885-1] python-django security update

Package : python-django Version : 1.4.22-1+deb7u3 CVE ID : CVE-2017-7233, CVE-2017-7234 Debian Bug : 859515, 859516 It was discovered that there were two vulnerabilities in python-django, a high-level Python web development framework. CVE-2017-7233 859515: Open redirect and possible XSS attack vi...

6.1CVSS6.8AI score0.02384EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2017/04/05 12:0 a.m.26 views

FreeBSD : django -- multiple vulnerabilities (dc880d6c-195d-11e7-8c63-0800277dcc69)

Django team reports : These release addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. - Open redirect and possible XSS attack via user-supplied numeric redirect URLs - Open redirect vulnerability in django.views.static.serve %NASLMINLEV...

6.1CVSS6AI score0.02384EPSS
Exploits2References4
vulnersOsv
vulnersOsv
added 2017/04/04 5:59 p.m.4 views

django-admin-caching (>=0.1.0 <=0.1.2), django-automated-logging (=0.0.1a0) +12 more potentially affected by CVE-2017-7234 via django (>=1.10.0 <=1.10.6)

django PYPI version =1.10.0, =0.1.0, =2.0.0, =0.1.0, =0.3.1, =0.9.0, =0.6.0, =0.2.5, =0.8.0, =0.8.3 Source cves: CVE-2017-7234 Source advisory: OSV:PYSEC-2017-10...

6.1CVSS6.7AI score0.0183EPSS
Exploits1
NVD
NVD
added 2017/04/04 5:59 p.m.17 views

CVE-2017-7234

A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...

6.1CVSS6.3AI score0.0183EPSS
Exploits1References4
OSV
OSV
added 2017/04/04 5:59 p.m.16 views

CVE-2017-7234

A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...

6.1CVSS6AI score
Exploits0References4
Ubuntu
Ubuntu
added 2017/04/04 5:9 p.m.56 views

USN-3254-1: Django vulnerabilities

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...

6.1CVSS6.3AI score0.02384EPSS
Exploits2
CVE
CVE
added 2017/04/04 5:0 p.m.161 views

CVE-2017-7234

CVE-2017-7234 is an open redirect vulnerability in Django’s development-only django.views.static.serve() view. The vulnerability stemmed from insufficient input filtering in the serve() helper, allowing a maliciously crafted URL to redirect to an attacker-controlled domain. Affected versions incl...

6.1CVSS6.1AI score0.0183EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder