Lucene search
+L

4 matches found

veracode
veracode
added 2019/01/15 9:10 a.m.25 views

Information Disclosure Through Date Template Filter

Django is vulnerable to information disclosure. This vulnerability is caused in the getformat function in utils/formats.py which allows a malicious user to obtain any secret in the application settings by specifying a settings key name instead of a date format...

5CVSS5.4AI score0.04284EPSS
Exploits0References16Affected Software1
osv
osv
added 2015/12/07 8:59 p.m.13 views

PYSEC-2015-11

The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...

5CVSS7.1AI score0.04284EPSS
Exploits0References15
cvelist
cvelist
added 2015/12/07 8:0 p.m.26 views

CVE-2015-8213

The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...

6AI score0.04284EPSS
Exploits0References14
cve
cve
added 2015/12/07 8:0 p.m.116 views

CVE-2015-8213

CVE-2015-8213 affects Django: get_format in utils/formats.py could expose sensitive settings (e.g., SECRET_KEY) when a format is taken from a settings key instead of a date/time format. Affected versions: Django 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2. Impact is informati...

5CVSS6.1AI score0.04284EPSS
Exploits0References14Affected Software1
Rows per page
Query Builder