Django@1.4 Security Vulnerabilities and Issues — Django@1.4 CVE List

Lucene search

DjangoprojectDjango1.4

4 matches found

CVE•added 2012/07/31 5:55 p.m.•87 views

CVE-2012-3442

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.

4.3CVSS5.4AI score0.00442EPSS

CVE•added 2012/11/18 11:55 p.m.•81 views

CVE-2012-4520

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

6.4CVSS6.6AI score0.04443EPSS

CVE•added 2012/07/31 5:55 p.m.•79 views

CVE-2012-3443

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.

5CVSS6.2AI score0.01382EPSS

CVE•added 2012/07/31 5:55 p.m.•68 views

CVE-2012-3444

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

5CVSS6.3AI score0.0119EPSS