21 matches found
openSUSE Security Update : python3-Django (openSUSE-2018-318)
This update for python3-Django to version 1.18.18 fixes multiple issues. Security issues fixed : - CVE-2018-7537: Fixed catastrophic backtracking in django.utils.text.Truncator. bsc1083305 - CVE-2018-7536: Fixed catastrophic backtracking in urlize and urlizetrunc template filters bsc1083304. -...
OPENSUSE-SU-2018:0632-1 Security update for python-Django
This update for python-Django fixes the following issues: Update to version 1.11.10 LTS Fixes CVE-2018-6188 boo1077714, CVE-2017-7234, CVE-2017-7233, CVE-2017-12794...
Debian DSA-3835-1 : python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-9013 Marti Raudsepp reported that a user with a hard-coded password is created when running tests with ...
[SECURITY] [DSA 3835-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3835-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 26, 2017 https://www.debian.org/security/faq -...
MGASA-2017-0106 Updated python-django packages fix security vulnerability
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...
Updated python-django packages fix security vulnerability
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...
Django.views.static.serve url跳转漏洞(CVE-2017-7234)
来源:同程安全应急响应中心 作者:Nearg1e@YSRC 来自 @Phithon 的一个漏洞。 问题出现在:django.views.static.serve函数上。该函数可以用来指定web站点的静态文件目录。如: python urlpatterns = urlr'^admin/', admin.site.urls, urlr'^staticp/?P.$', serve, 'documentroot': os.path.joinsettings.BASEDIR, 'staticpath'...
Security fix for the ALT Linux 10 package python3-module-django version 1.8.18-alt1
April 12, 2017 Alexey Shabalin 1.8.18-alt1 - 1.8.18 - fixed CVE-2017-7233,CVE-2017-7234...
Security fix for the ALT Linux 9 package python3-module-django version 1.8.18-alt1
April 12, 2017 Alexey Shabalin 1.8.18-alt1 - 1.8.18 - fixed CVE-2017-7233,CVE-2017-7234...
Django Open Redirection Vulnerability
Django is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
[ASA-201704-2] python-django: multiple issues
Arch Linux Security Advisory ASA-201704-2 ========================================= Severity: Medium Date : 2017-04-06 CVE-ID : CVE-2017-7233 CVE-2017-7234 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-233 Summary ======= The package...
[ASA-201704-1] python2-django: multiple issues
Arch Linux Security Advisory ASA-201704-1 ========================================= Severity: Medium Date : 2017-04-06 CVE-ID : CVE-2017-7233 CVE-2017-7234 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-233 Summary ======= The package...
CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...
[SECURITY] [DLA 885-1] python-django security update
Package : python-django Version : 1.4.22-1+deb7u3 CVE ID : CVE-2017-7233, CVE-2017-7234 Debian Bug : 859515, 859516 It was discovered that there were two vulnerabilities in python-django, a high-level Python web development framework. CVE-2017-7233 859515: Open redirect and possible XSS attack vi...
FreeBSD : django -- multiple vulnerabilities (dc880d6c-195d-11e7-8c63-0800277dcc69)
Django team reports : These release addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. - Open redirect and possible XSS attack via user-supplied numeric redirect URLs - Open redirect vulnerability in django.views.static.serve %NASLMINLEV...
django-admin-caching (>=0.1.0 <=0.1.2), django-automated-logging (=0.0.1a0) +12 more potentially affected by CVE-2017-7234 via django (>=1.10.0 <=1.10.6)
django PYPI version =1.10.0, =0.1.0, =2.0.0, =0.1.0, =0.3.1, =0.9.0, =0.6.0, =0.2.5, =0.8.0, =0.8.3 Source cves: CVE-2017-7234 Source advisory: OSV:PYSEC-2017-10...
CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...
CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...
USN-3254-1: Django vulnerabilities
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...
CVE-2017-7234
CVE-2017-7234 is an open redirect vulnerability in Django’s development-only django.views.static.serve() view. The vulnerability stemmed from insufficient input filtering in the serve() helper, allowing a maliciously crafted URL to redirect to an attacker-controlled domain. Affected versions incl...