CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
92.3%
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as much
as possible and adhering to the DRY (Don’t Repeat Yourself) principle.
Security Fix(es):
Incorrect HTTP detection with reverse-proxy connecting via HTTPS
(CVE-2019-12781)
backtracking in a regular expression in django.utils.text.Truncator leads
to DoS (CVE-2019-14232)
the behavior of the underlying HTMLParser leading to DoS (CVE-2019-14233)
SQL injection possibility in key and index lookups for
JSONField/HStoreField (CVE-2019-14234)
Potential memory exhaustion in django.utils.encoding.uri_to_iri()
(CVE-2019-14235)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python-django-bash-completion | < 1.11.27-1.el7ost | python-django-bash-completion-1.11.27-1.el7ost.noarch.rpm |
RedHat | 7 | noarch | python2-django | < 1.11.27-1.el7ost | python2-django-1.11.27-1.el7ost.noarch.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
92.3%