Django@1.8.9 Security Vulnerabilities and Issues — Django@1.8.9 CVE List

Lucene search

DjangoprojectDjango1.8.9

4 matches found

CVE•added 2016/12/09 8:59 p.m.•416 views

CVE-2016-9014

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

8.1CVSS8.6AI score0.04886EPSS

CVE•added 2016/12/09 8:59 p.m.•410 views

CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually s...

9.8CVSS9AI score0.02723EPSS

CVE•added 2016/04/08 3:59 p.m.•112 views

CVE-2016-2512

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http:...

7.4CVSS7AI score0.00458EPSS

CVE•added 2016/04/08 3:59 p.m.•94 views

CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.

3.1CVSS5.3AI score0.01086EPSS