CVE-2019-12781

Published: 01 Jul 2019
Source: debian
EPSS: Low

Description

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python-django | fixed | 1:1.11.22-1 | | package |
| python-django | fixed | 1:1.11.22-1~deb10u1 | buster | package |

Notes

  • https://www.djangoproject.com/weblog/2019/jul/01/security-releases/

  • https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (master)

  • https://github.com/django/django/commit/77706a3e4766da5d5fb75c4db22a0a59a28e6cd6 (2.2)

  • https://github.com/django/django/commit/1e40f427bb8d0fb37cc9f830096a97c36c97af6f (2.1)

  • https://github.com/django/django/commit/32124fc41e75074141b05f10fc55a4f01ff7f050 (1.11)

EPSS

Percentile: 84%
0.02419
Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 6 years ago

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

CVSS3: 4.8
redhat
almost 6 years ago

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

CVSS3: 5.3
nvd
almost 6 years ago

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

CVSS3: 5.3
github
almost 6 years ago

Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

CVSS3: 5.3
fstec
almost 6 years ago

Vulnerability in the django.http.HttpRequest.scheme component of the Django library for the Python programming language, allowing an attacker to gain access to protected information
