CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2013-6044 – python-django: xss in is_safe_url function
https://notcve.org/view.php?id=CVE-2013-6044
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme. La función is_safe_url en utils/http.py de Django 1.4.x anterior a la versión 1.4.6, 1.5.x anterior a la versión 1.5.2, y 1.6 anterior a beta 2 trata un esquema de URL como seguro incluso si no es HTTP o HTTPS, lo que podría permitir XSS u otras vulnerabilidades en aplicaciones Django que usen esta función, como se ha demostrado con "la vista de inicio de sesión en django.contrib.auth.views" y el javascript: scheme. • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://rhn.redhat.com/errata/RHSA-2013-1521.html http://seclists.org/oss-sec/2013/q3/369 http://seclists.org/oss-sec/2013/q3/411 http://secunia.com/advisories/54476 http://www.debian.org/security/2013/dsa-2740 http://www.securityfocus.com/bid/61777 http://www.securitytracker.com/id/1028915 https://exchange.xforce.ibmcloud.com/vulnerabilities/86437 https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 16EXPL: 0CVE-2013-1443
https://notcve.org/view.php?id=CVE-2013-1443
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. El framework de autenticación (django.contrib.auth) en Django 1.4.x anteriores a 1.4.8, 1.5.x anteriores a 1.5.4, y 1.6.x anteriores a 1.6 beta 4 permite a atacantes remotos causar denegación de servicio (consumo de CPU) a través de una contraseña larga al ser luego procesada por una función de resumen (hashed). • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00035.html http://python.6.x6.nabble.com/Set-a-reasonable-upper-bound-on-password-length-td5032218.html http://www.debian.org/security/2013/dsa-2758 https://www.djangoproject.com/weblog/2013/sep/15/security • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2013-4315 – python-django: directory traversal with "ssi" template tag
https://notcve.org/view.php?id=CVE-2013-4315
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag. Vulnerabilidad de recorrido de directorios en Django 1.4.x anterior a 1.4.7, 1.5.x anterior a 1.5.3, y 1.6.x anterior a 1.6 beta 3 permite a atacantes remotos leer ficheros arbitrarios a través de una ruta de fichero en la opción ALLOWED_INCLUDE_ROOTS en una etiqueta de plantilla ssi • http://lists.opensuse.org/opensuse-updates/2013-10/msg00015.html http://rhn.redhat.com/errata/RHSA-2013-1521.html http://secunia.com/advisories/54772 http://secunia.com/advisories/54828 http://www.debian.org/security/2013/dsa-2755 https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued https://access.redhat.com/security/cve/CVE-2013-4315 https://bugzilla.redhat.com/show_bug.cgi?id=1004969 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 2CVE-2013-4249
https://notcve.org/view.php?id=CVE-2013-4249
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField. Vulnerabilidad de XSS en el widget AdminURLFieldWidget en contrib/admin/widgets.py de Django 1.5.x anterior a la versión 1.5.2 y 1.6.x anterior a 1.6 beta 2 permite a atacantes remotos inyectar script web arbitrario o HTML a través de una URLField. • http://seclists.org/oss-sec/2013/q3/369 http://seclists.org/oss-sec/2013/q3/411 http://secunia.com/advisories/54476 http://www.securitytracker.com/id/1028915 https://exchange.xforce.ibmcloud.com/vulnerabilities/86438 https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78 https://github.com/django/django/commit/cbe6d5568f4f5053ed7228ca3c3d0cce77cf9560 https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0305 – Django: Data leakage via admin history log
https://notcve.org/view.php?id=CVE-2013-0305
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information. La interfaz administrativa para Django v1.3.x antes de v1.3.6, v1.4.x antes de v1.4.4, y v1.5 antes de la release candidate v2 no comprueba los permisos para la vista del historial, que permite a usuarios administradores autenticados obtener información del historial. • http://rhn.redhat.com/errata/RHSA-2013-0670.html http://ubuntu.com/usn/usn-1757-1 http://www.debian.org/security/2013/dsa-2634 https://www.djangoproject.com/weblog/2013/feb/19/security https://access.redhat.com/security/cve/CVE-2013-0305 https://bugzilla.redhat.com/show_bug.cgi?id=913041 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •