The vulnerability of the `django.http.HttpRequest.scheme` component in the Django library for the Python programming language allows attackers to access protected information.

The vulnerability of the django.http.HttpRequest.scheme component in the Django library for the Python programming language is related to errors in handling HTTP requests when these are identified as HTTPS requests. Exploiting this vulnerability can allow an attacker to gain access to protected...

ALPINE-CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

PYSEC-2019-10

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

PT-2019-2628 · Django Software Foundation +3 · Django +3

Name of the Vulnerable Software and Affected Versions: Django versions 1.11 before 1.11.22 Django versions 2.1 before 2.1.10 Django versions 2.2 before 2.2.3 Description: An issue in Django causes incorrect behavior of django.http.HttpRequest.scheme when a client uses HTTP, but the proxy connects...

CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

DEBIAN-CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

UBUNTU-CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...