20 matches found
openSUSE Security Advisory (SUSE-SU-2024:2817-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-django (FEDORA-2020-2e7d30f7aa)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GLSA-202004-17 : Django: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202004-17 Django: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by sending specially crafted input,...
openSUSE: Security Advisory for python-Django (openSUSE-SU-2019:1839-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.3-alt1
July 15, 2019 Alexey Shabalin 2.2.3-alt1 - 2.2.3 - build python3 only - rename package to python3-module-django2.2 - Fixes for the following security vulnerabilities: + CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS + CVE-2019-12308 AdminURLFieldWidget XSS +...
Security fix for the ALT Linux 10 package python3-module-django version 2.2.3-alt1
July 15, 2019 Alexey Shabalin 2.2.3-alt1 - 2.2.3 - build python3 only - rename package to python3-module-django2.2 - Fixes for the following security vulnerabilities: + CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS + CVE-2019-12308 AdminURLFieldWidget XSS +...
Debian DSA-4476-1 : python-django - security update
Three security issues were found in Django, a Python web development framework, which could result in denial of service, incomplete sanitisation of clickable links or missing redirects of HTTP requests to HTTPS. C Tenable Network Security, Inc. The descriptive text and package checks in this plug...
Debian: Security Advisory (DSA-4476-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4476-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4476-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2019 https://www.debian.org/security/faq -...
Ubuntu: Security Advisory (USN-4043-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4043-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. CVE-2019-12308 Gavin Wahl discovered that Django incorrectly handled HTTP detection when...
Django AdminURLFieldWidget XSS Vulnerability - Linux
Django is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django";...
Fedora 30 : python-django (2019-57a4324120)
update to 2.1.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc. T...
aimmo (>=0.61.9 <=0.69.1b348), ambition-edc (>=0.3.68 <=0.3.72) +57 more potentially affected by CVE-2019-12308 via django (>=2.2.0 <=2.2.19)
django PYPI version =2.2.0, =0.61.9, =0.3.68, =0.14.0, =5.2.1, =0.1.0, =4.15.0, =4.15.0, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =2.0.0, =2.2.0 - django-country-filter =0.0.1 and more Source cves: CVE-2019-12308 Source advisory: OSV:GHSA-7RP2-FM2H-WCHJ...
boorunaut (>=0.1.0 <=0.4.2), burl (=1.0.0) +124 more potentially affected by CVE-2019-12308 via django (>=2.1.0 <=2.1.8)
django PYPI version =2.1.0, =0.1.0, =0.10.0, =2.4.0, =0.3.1, =0.1.6, =0.2.0, =0.2.1 - django-aesfield =3.0.0 - django-alexa =0.0.9 and more Source cves: CVE-2019-12308 Source advisory: OSV:GHSA-7RP2-FM2H-WCHJ...
boorunaut (>=0.1.0 <=0.4.2), burl (=1.0.0) +124 more potentially affected by CVE-2019-12308 via django (>=2.1.0 <=2.1.8)
django PYPI version =2.1.0, =0.1.0, =0.10.0, =2.4.0, =0.3.1, =0.1.6, =0.2.0, =0.2.1 - django-aesfield =3.0.0 - django-alexa =0.0.9 and more Source cves: CVE-2019-12308 Source advisory: OSV:PYSEC-2019-79...
admindjango-ckeditor-blog (=0.1.0), aileen (>=0.2.0.dev20181221 <=0.2.1) +41 more potentially affected by CVE-2019-12308 via django (>=1.11.0 <=1.11.20)
django PYPI version =1.11.0, =0.2.0.dev20181221, =0.0.19, =4.4.1, =1.0.0, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =1.0.1 - django-defender =0.5.0 and more Source cves: CVE-2019-12308 Source advisory: OSV:PYSEC-2019-79...
CVE-2019-12308
The CVE-2019-12308 issue in Django affects the AdminURLFieldWidget, where the current URL value is displayed without validating it as a safe URL. This allows an unvalidated value stored in the database or supplied via a URL query to render as a clickable JavaScript link, enabling cross-site scrip...
CVE-2019-12308
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...
CVE-2019-12308
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...