Debian: Security Advisory (DLA-349-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Django settings leak in date template filter

The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...

python-django: Information leak through date template filter

An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format...

SUSE-SU-2016:0040-1 Security update for python-Django

This update for python-Django fixes the following issues: - Prevent settings leak in date template filter. bsc955412, CVE-2015-8213...

SUSE-SU-2015:2327-1 Security update for python-Django

This update for python-Django fixes the following issues: - Add 0004-1.6.x-fixed-a-settings-leak-possibility-in-the-date-.patch to prevent settings leak in date template filter bsc955412, CVE-2015-8213...

Settings leak in date template filter

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g. SECRETKEY instead of j/m/Y...

python-django date template filter information disclosure vulnerability

Django is the open source Python Web application development framework. A security vulnerability exists in the date template filter of python-django. A remote attacker can exploit this vulnerability to obtain sensitive information within the application settings...

Debian DSA-3404-1 : python-django - security update

Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Debian DLA-349-1 : python-django security update

It was discovered that there was a potential settings leak in date template filter of Django, a web-development framework. If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. lastupdated|date:userdateformat , then a malicious...

[SECURITY] [DLA 349-1] python-django security update

Package : python-django Version : 1.2.3-3+squeeze15 CVE ID : CVE-2015-8213 It was discovered that there was a potential settings leak in date template filter of Django, a web-development framework. If an application allows users to specify an unvalidated format for dates and passes this format to...

[SECURITY] [DSA 3404-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3404-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2015 https://www.debian.org/security/faq -...

DSA-3404-1 python-django - security update

Bulletin has no description...

Debian Security Advisory DSA 3404-1 (python-django - security update)

Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application OpenVAS Vulnerability Test $Id: deb3404.nasl 6609 2017-07-07 12:05:59Z...

USN-2816-1 python-django vulnerability

Ryan Butterfield discovered that Django incorrectly handled the date template filter. A remote attacker could possibly use this issue to obtain secrets from application settings...

USN-2816-1: Django vulnerability

Ryan Butterfield discovered that Django incorrectly handled the date template filter. A remote attacker could possibly use this issue to obtain secrets from application settings...