Lucene search
GoogleOSV:DSA-2529-1HistoryAug 14, 2012 - 12:00 a.m.
python-django - several
2012-08-1400:00:00
Google
osv.dev
12
EPSS
0.021
Percentile
89.1%
Jeroen Dekkers and others reported several vulnerabilities in Django,
a Python Web framework. The Common Vulnerabilities and Exposures
project defines the following issues:
- CVE-2012-3442
Two functions do not validate the scheme of a redirect target,
which might allow remote attackers to conduct cross-site scripting
(XSS) attacks via a data: URL. - CVE-2012-3443
The ImageField class completely decompresses image data during image
validation, which allows remote attackers to cause a denial of service
(memory consumption) by uploading an image file. - CVE-2012-3444
The get_image_dimensions function in the image-handling functionality
uses a constant chunk size in all attempts to determine dimensions,
which allows remote attackers to cause a denial of service (process
or thread consumption) via a large TIFF image.
For the stable distribution (squeeze), this problem has been fixed in
version 1.2.3-3+squeeze3.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.1-1.
We recommend that you upgrade your python-django packages.
References
Related
nessus
nessus
Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : python-django vulnerabilities (USN-1560-1)
2012-09-11 00:00:00
Fedora 17 : Django-1.4.1-1.fc17 (2012-11415)
2012-08-13 00:00:00
Mandriva Linux Security Advisory : python-django (MDVSA-2012:143)
2012-09-06 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: Django-1.4.1-1.fc17
2012-08-10 22:27:19
[SECURITY] Fedora 17 Update: Django-1.4.3-1.fc17
2012-12-20 03:20:48
[SECURITY] Fedora 16 Update: Django-1.3.2-1.fc16
2012-08-10 22:34:03
openvas
openvas
Debian: Security Advisory (DSA-2529-1)
2013-09-18 00:00:00
Fedora Update for Django FEDORA-2012-11416
2012-08-14 00:00:00
Ubuntu: Security Advisory (USN-1560-1)
2012-09-11 00:00:00
debian
debian
[SECURITY] [DSA 2529-1] python-django security update
2012-08-14 20:05:21
securityvulns
securityvulns
[ MDVSA-2012:143 ] python-django
2012-09-03 00:00:00
freebsd
freebsd
django -- multiple vulnerabilities
2012-07-30 00:00:00
seebug
seebug
Djangoθ·¨η«θζ¬ζ§θ‘εδΈ€δΈͺζη»ζε‘ζΌζ΄
2012-08-03 00:00:00
ubuntu
ubuntu
Django vulnerabilities
2012-09-10 00:00:00
debiancve
debiancve
osv
osv
Django Allows Redirect via Data URL
2022-05-17 05:12:01
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
2022-05-17 05:12:01
PYSEC-2012-4
2012-07-31 17:55:00
cve
cve
github
github
Django Allows Redirect via Data URL
2022-05-17 05:12:01
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer
2022-05-17 05:12:01
Django Image Field Vulnerable to Image Decompression Bombs
2022-05-17 05:12:01
prion
prion
Cross site scripting
2012-07-31 17:55:00
Design/Logic Flaw
2012-07-31 17:55:00
Design/Logic Flaw
2012-07-31 17:55:00
ubuntucve
ubuntucve
nvd
nvd
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2022-05-17 00:00:00
Improper Restriction of Operations within the Bounds of a Memory Buffer
2022-05-17 00:00:00
Improper Input Validation
2022-05-17 00:00:00
cvelist
cvelist