Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-12781

Опубликовано: 01 июл. 2019
Источник: debian
EPSS Низкий

Описание

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-djangofixed1:1.11.22-1package
python-djangofixed1:1.11.22-1~deb10u1busterpackage

Примечания

  • https://www.djangoproject.com/weblog/2019/jul/01/security-releases/

  • https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (master)

  • https://github.com/django/django/commit/77706a3e4766da5d5fb75c4db22a0a59a28e6cd6 (2.2)

  • https://github.com/django/django/commit/1e40f427bb8d0fb37cc9f830096a97c36c97af6f (2.1)

  • https://github.com/django/django/commit/32124fc41e75074141b05f10fc55a4f01ff7f050 (1.11)

EPSS

Процентиль: 83%
0.02044
Низкий

Связанные уязвимости

CVSS3: 5.3
ubuntu
около 6 лет назад

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

CVSS3: 4.8
redhat
около 6 лет назад

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

CVSS3: 5.3
nvd
около 6 лет назад

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

CVSS3: 5.3
github
около 6 лет назад

Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

CVSS3: 5.3
fstec
около 6 лет назад

Уязвимость компонента django.http.HttpRequest.scheme библиотеки Django для языка программирования Python, позволяющая нарушителю получить доступ к защищаемой информации

EPSS

Процентиль: 83%
0.02044
Низкий