Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-12781

Опубликовано: 01 июл. 2019
Источник: debian
EPSS Низкий

Описание

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-djangofixed1:1.11.22-1package
python-djangofixed1:1.11.22-1~deb10u1busterpackage

Примечания

  • https://www.djangoproject.com/weblog/2019/jul/01/security-releases/

  • https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (master)

  • https://github.com/django/django/commit/77706a3e4766da5d5fb75c4db22a0a59a28e6cd6 (2.2)

  • https://github.com/django/django/commit/1e40f427bb8d0fb37cc9f830096a97c36c97af6f (2.1)

  • https://github.com/django/django/commit/32124fc41e75074141b05f10fc55a4f01ff7f050 (1.11)

EPSS

Процентиль: 88%
0.03901
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-12781

CVSS3: 5.3
ubuntu
больше 6 лет назад

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

redhat логотип

CVE-2019-12781

CVSS3: 4.8
redhat
больше 6 лет назад

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

nvd логотип

CVE-2019-12781

CVSS3: 5.3
nvd
больше 6 лет назад

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

github логотип

GHSA-6c7v-2f49-8h26

CVSS3: 5.3
github
больше 6 лет назад

Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

fstec логотип

BDU:2019-02513

CVSS3: 5.3
fstec
больше 6 лет назад

Уязвимость компонента django.http.HttpRequest.scheme библиотеки Django для языка программирования Python, позволяющая нарушителю получить доступ к защищаемой информации

EPSS

Процентиль: 88%
0.03901
Низкий