Описание
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.8.7-1ubuntu1 |
| esm-infra-legacy/trusty | released | 1.6.1-2ubuntu0.11 |
| precise | released | 1.3.1-4ubuntu1.19 |
| trusty | released | 1.6.1-2ubuntu0.11 |
| trusty/esm | released | 1.6.1-2ubuntu0.11 |
| upstream | released | 1.8.7,1.7.11 |
| vivid | released | 1.7.6-1ubuntu2.3 |
| wily | released | 1.7.9-1ubuntu5.1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
The get_format function in utils/formats.py in Django before 1.7.x bef ...
EPSS
5 Medium
CVSS2