4 matches found
Information Disclosure Through Date Template Filter
Django is vulnerable to information disclosure. This vulnerability is caused in the getformat function in utils/formats.py which allows a malicious user to obtain any secret in the application settings by specifying a settings key name instead of a date format...
PYSEC-2015-11
The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...
CVE-2015-8213
CVE-2015-8213 affects Django: get_format in utils/formats.py could expose sensitive settings (e.g., SECRET_KEY) when a format is taken from a settings key instead of a date/time format. Affected versions: Django 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2. Impact is informati...
CVE-2015-8213
The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...