Описание
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.6.6-1 |
| esm-infra-legacy/trusty | not-affected | 1.6.1-2ubuntu0.4 |
| lucid | released | 1.1.1-2ubuntu1.13 |
| precise | released | 1.3.1-4ubuntu1.12 |
| trusty | released | 1.6.1-2ubuntu0.4 |
| trusty/esm | not-affected | 1.6.1-2ubuntu0.4 |
| upstream | released | 1.6.6-1 |
Показывать по
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x ...
EPSS
5.8 Medium
CVSS2