Lucene search
FreeBSD3C5579F7-294A-11E4-99F6-00E0814CAB4EHistoryAug 20, 2014 - 12:00 a.m.
django -- multiple vulnerabilities
2014-08-2000:00:00
vuxml.freebsd.org
17
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS
0.023
Percentile
90.0%
The Django project reports:
These releases address an issue with reverse() generating external
URLs; a denial of service involving file uploads; a potential
session hijacking issue in the remote-user middleware; and a data
leak in the administrative interface. We encourage all users of
Django to upgrade as soon as possible.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | py27-django | = 1.6 | UNKNOWN |
| FreeBSD | any | noarch | py27-django | < 1.6.6 | UNKNOWN |
| FreeBSD | any | noarch | py27-django15 | = 1.5 | UNKNOWN |
| FreeBSD | any | noarch | py27-django15 | < 1.5.9 | UNKNOWN |
| FreeBSD | any | noarch | py27-django14 | = 1.4 | UNKNOWN |
| FreeBSD | any | noarch | py27-django14 | < 1.4.14 | UNKNOWN |
| FreeBSD | any | noarch | py32-django | = 1.6 | UNKNOWN |
| FreeBSD | any | noarch | py32-django | < 1.6.6 | UNKNOWN |
| FreeBSD | any | noarch | py32-django15 | = 1.5 | UNKNOWN |
| FreeBSD | any | noarch | py32-django15 | < 1.5.9 | UNKNOWN |
Related
osv
osv
python-django - security update
2014-08-22 00:00:00
python-django - security update
2014-09-29 00:00:00
Django denial of service via file upload naming
2022-05-14 02:05:08
openvas
openvas
Ubuntu: Security Advisory (USN-2347-1)
2014-09-17 00:00:00
Gentoo Security Advisory GLSA 201412-22
2015-09-29 00:00:00
Debian Security Advisory DSA 3010-1 (python-django - security update)
2014-08-22 00:00:00
nessus
nessus
Fedora 19 : python-django14-1.4.16-1.fc19 (2014-15307)
2014-12-02 00:00:00
Debian DLA-65-1 : python-django security update
2015-03-26 00:00:00
debian
debian
[SECURITY] [DSA 3010-1] python-django security update
2014-08-22 20:52:59
[SECURITY] [DLA 65-1] python-django security update
2014-09-29 08:20:58
[SECURITY] [DSA 3010-1] python-django security update
2014-08-22 20:52:59
securityvulns
securityvulns
[SECURITY] [DSA 3010-1] python-django security update
2014-08-26 00:00:00
gentoo
gentoo
Django: Multiple vulnerabilities
2014-12-13 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: python-django15-1.5.9-1.fc20
2014-09-10 13:29:30
[SECURITY] Fedora 20 Update: python-django14-1.4.14-1.fc20
2014-09-09 22:27:18
[SECURITY] Fedora 20 Update: python-django14-1.4.16-1.fc20
2014-12-01 18:59:44
mageia
mageia
Updated python-django packages fix multiple vulnerabilities
2014-09-05 13:07:37
ubuntu
ubuntu
Django vulnerabilities
2014-09-16 00:00:00
ubuntucve
ubuntucve
github
github
Django denial of service via file upload naming
2022-05-14 02:05:08
Django Middleware Enables Session Hijacking
2022-05-14 02:09:22
Django data leakage via querystring manipulation in admin
2022-05-14 02:09:22
cvelist
cvelist
debiancve
debiancve
prion
prion
Default configuration
2014-08-26 14:55:00
Design/Logic Flaw
2014-08-26 14:55:00
Crlf injection
2014-08-26 14:55:00
nvd
nvd
cve
cve
gitlab
gitlab
Improper Input Validation
2022-05-14 00:00:00
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS
0.023
Percentile
90.0%
Related for 3C5579F7-294A-11E4-99F6-00E0814CAB4E