Lucene search

Veracode Vulnerability DatabaseVERACODE:11406

HistoryJan 15, 2019 - 9:01 a.m.

Remote Code Execution (RCE)

2019-01-1509:01:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Django is vulnerable to remote code execution. The django.core.urlresolvers.reverse function allows remote attackers to use a view that constructs URLs to input a “dotted Python path” to import and execute Python modules.

CPENameOperatorVersion
django14eq1.4.8__1.el6ost
django14eq1.4.2__2.el6
django14eq1.4.4__1.el6ost

Name	Operator	Version
django14	eq	1.4.8__1.el6ost
django14	eq	1.4.2__2.el6
django14	eq	1.4.4__1.el6ost

References

lists.opensuse.org/opensuse-updates/2014-09/msg00023.html

rhn.redhat.com/errata/RHSA-2014-0456.html

rhn.redhat.com/errata/RHSA-2014-0457.html

secunia.com/advisories/61281

www.debian.org/security/2014/dsa-2934

www.ubuntu.com/usn/USN-2169-1

access.redhat.com/security/updates/classification/#moderate

rhn.redhat.com/errata/RHSA-2014-0457.html

www.djangoproject.com/weblog/2014/apr/21/security/

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:11406