GHSA-6C7V-2F49-8H26 Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

PT-2019-2628 · Django Software Foundation +3 · Django +3

Name of the Vulnerable Software and Affected Versions: Django versions 1.11 before 1.11.22 Django versions 2.1 before 2.1.10 Django versions 2.2 before 2.2.3 Description: An issue in Django causes incorrect behavior of django.http.HttpRequest.scheme when a client uses HTTP, but the proxy connects...