Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-2512

Опубликовано: 08 апр. 2016
Источник: debian

Описание

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-djangofixed1.9.4-1package

Примечания

  • https://www.djangoproject.com/weblog/2016/mar/01/security-releases/

Связанные уязвимости

CVSS3: 7.4
ubuntu
больше 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

redhat
больше 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

CVSS3: 7.4
nvd
больше 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

CVSS3: 7.4
github
около 3 лет назад

Django XSS Vulnerability

suse-cvrf
больше 7 лет назад

Security update for python-Django