CVSS: 6.4EPSS: 0%CPEs: 39EXPL: 0CVE-2014-1418
https://notcve.org/view.php?id=CVE-2014-1418
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. Django 1.4 anterior a 1.4.13, 1.5 anterior a 1.5.8, 1.6 anterior a 1.6.5 y 1.7 anterior a 1.7b4 no incluye debidamente la cabecera (1) Vary: Cookie o (2) Cache-Control en respuestas, lo que permite a atacantes remotos obtener información sensible o envenenar la caché a través de una solicitud de ciertos navegadores. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://secunia.com/advisories/61281 http://ubuntu.com/usn/usn-2212-1 http://www.debian.org/security/2014/dsa-2934 http://www.openwall.com/lists/oss-security/2014/05/14/10 http://www.openwall.com/lists/oss-security/2014/05/15/3 https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued •
CVSS: 5.1EPSS: 2%CPEs: 28EXPL: 1CVE-2014-0472 – python-django: unexpected code execution using reverse()
https://notcve.org/view.php?id=CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." La función django.core.urlresolvers.reverse en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a 1.6.3 y 1.7.x anterior a 1.7 beta 2 permite a atacantes remotos importar y ejecutar módulos Python arbitrarios mediante el aprovechamiento de una visualización que construye URLs utilizando entradas de usuarios y una "ruta Python con puntos." • https://github.com/christasa/CVE-2014-0472 http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://rhn.redhat.com/errata/RHSA-2014-0456.html http://rhn.redhat.com/errata/RHSA-2014-0457.html http://secunia.com/advisories/61281 http://www.debian.org/security/2014/dsa-2934 http://www.ubuntu.com/usn/USN-2169-1 https://www.djangoproject.com/weblog/2014/apr/21/security https://access.redhat.com/security/cve/CVE-2014-0472 https://bugzilla.redhat.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 28EXPL: 0CVE-2014-0473 – python-django: caching of anonymous pages could reveal CSRF token
https://notcve.org/view.php?id=CVE-2014-0473
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. La plataforma de caché en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a 1.6.3 y 1.7.x anterior a 1.7 beta 2 reutiliza un token de CSRF en caché para todos los usuarios anónimos, lo que permite a atacantes remotos evadir protecciones de CSRF mediante la lectura del cookie de CSRF para usuarios anónimos. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://rhn.redhat.com/errata/RHSA-2014-0456.html http://rhn.redhat.com/errata/RHSA-2014-0457.html http://secunia.com/advisories/61281 http://www.debian.org/security/2014/dsa-2934 http://www.ubuntu.com/usn/USN-2169-1 https://www.djangoproject.com/weblog/2014/apr/21/security https://access.redhat.com/security/cve/CVE-2014-0473 https://bugzilla.redhat.com/show_bug.cgi?id=1090592 • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2014-0474 – python-django: MySQL typecasting
https://notcve.org/view.php?id=CVE-2014-0474
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting." Las clases de campo de modelo (1) FilePathField, (2) GenericIPAddressField y (3) IPAddressField en Django anterior a 1.4.11, 1.5.x anterior a 1.5.6, 1.6.x anterior a1.6.3 y 1.7.x anterior a 1.7 beta 2 no realizan debidamente conversión de tipo, lo que permite a atacantes remotos tener impacto y vectores no especificados, relacionado con "MySQL typecasting." • http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html http://rhn.redhat.com/errata/RHSA-2014-0456.html http://rhn.redhat.com/errata/RHSA-2014-0457.html http://secunia.com/advisories/61281 http://www.debian.org/security/2014/dsa-2934 http://www.ubuntu.com/usn/USN-2169-1 https://www.djangoproject.com/weblog/2014/apr/21/security https://access.redhat.com/security/cve/CVE-2014-0474 https://bugzilla.redhat.com/show_bug.cgi?id=1090593 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2013-6044 – python-django: xss in is_safe_url function
https://notcve.org/view.php?id=CVE-2013-6044
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme. La función is_safe_url en utils/http.py de Django 1.4.x anterior a la versión 1.4.6, 1.5.x anterior a la versión 1.5.2, y 1.6 anterior a beta 2 trata un esquema de URL como seguro incluso si no es HTTP o HTTPS, lo que podría permitir XSS u otras vulnerabilidades en aplicaciones Django que usen esta función, como se ha demostrado con "la vista de inicio de sesión en django.contrib.auth.views" y el javascript: scheme. • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://rhn.redhat.com/errata/RHSA-2013-1521.html http://seclists.org/oss-sec/2013/q3/369 http://seclists.org/oss-sec/2013/q3/411 http://secunia.com/advisories/54476 http://www.debian.org/security/2013/dsa-2740 http://www.securityfocus.com/bid/61777 http://www.securitytracker.com/id/1028915 https://exchange.xforce.ibmcloud.com/vulnerabilities/86437 https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •