Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-2512

Опубликовано: 08 апр. 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 7.4

Описание

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

РелизСтатусПримечание
devel

released

1.8.7-1ubuntu2
esm-infra-legacy/trusty

not-affected

1.6.1-2ubuntu0.12
precise

released

1.3.1-4ubuntu1.20
trusty

released

1.6.1-2ubuntu0.12
trusty/esm

not-affected

1.6.1-2ubuntu0.12
upstream

released

1.8.10,1.9.3
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

released

1.7.9-1ubuntu5.2

Показывать по

EPSS

Процентиль: 63%
0.00458
Низкий

4.3 Medium

CVSS2

7.4 High

CVSS3

Связанные уязвимости

redhat
больше 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

CVSS3: 7.4
nvd
больше 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.

CVSS3: 7.4
debian
больше 9 лет назад

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x ...

CVSS3: 7.4
github
около 3 лет назад

Django XSS Vulnerability

suse-cvrf
больше 7 лет назад

Security update for python-Django

EPSS

Процентиль: 63%
0.00458
Низкий

4.3 Medium

CVSS2

7.4 High

CVSS3