Уязвимость CVE-2017-12794

Пакет	Статус	Версия исправления	Релиз	Тип
python-django	fixed	1:1.11.5-1		package
python-django	fixed	1:1.10.7-2+deb9u2	stretch	package
python-django	not-affected		jessie	package
python-django	not-affected		wheezy	package

CVE-2017-12794

CVSS3: 6.1

ubuntu

почти 8 лет назад

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.

CVE-2017-12794

CVSS3: 4

redhat

почти 8 лет назад

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.

CVE-2017-12794

CVSS3: 6.1

nvd

почти 8 лет назад

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.

GHSA-9r8w-6x8c-6jr9

CVSS3: 6.1

github

больше 6 лет назад

Django vulnerable to XSS on 500 pages

BDU:2019-04056

CVSS3: 6.1

fstec

почти 8 лет назад

Уязвимость функции авто-экранирования HTML библиотеки Django для языка программирования Python, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

exploitDog

CVE-2017-12794

Описание

Пакеты

Примечания

Связанные уязвимости