Логотип exploitDog
product: "django"
Консоль
Логотип exploitDog

exploitDog

product: "django"
Django

Djangoсвободный фреймворк для веб-приложений на языке Python, использующий шаблон проектирования MVC

Релизный цикл, информация об уязвимостях

Продукт: Django
Вендор: djangoproject

График релизов

4.25.05.15.22023202420252026202720282029

Недавние уязвимости Django

Количество 679

redhat логотип

CVE-2015-8213

почти 10 лет назад

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2015-5964

около 10 лет назад

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

CVSS2: 5
EPSS: Низкий
debian логотип

CVE-2015-5964

около 10 лет назад

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache ...

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2015-5963

около 10 лет назад

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

CVSS2: 5
EPSS: Низкий
debian логотип

CVE-2015-5963

около 10 лет назад

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1 ...

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2015-5963

около 10 лет назад

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2015-5964

около 10 лет назад

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

CVSS2: 5
EPSS: Низкий
fstec логотип

BDU:2015-11320

около 10 лет назад

Уязвимость фреймворка для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

CVSS2: 5
EPSS: Низкий
fstec логотип

BDU:2015-11321

около 10 лет назад

Уязвимость фреймворка для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

CVSS2: 5
EPSS: Низкий
redhat логотип

CVE-2015-5963

около 10 лет назад

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
redhat логотип
CVE-2015-8213

The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.

CVSS2: 4.3
3%
Низкий
почти 10 лет назад
nvd логотип
CVE-2015-5964

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

CVSS2: 5
8%
Низкий
около 10 лет назад
debian логотип
CVE-2015-5964

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache ...

CVSS2: 5
8%
Низкий
около 10 лет назад
nvd логотип
CVE-2015-5963

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

CVSS2: 5
8%
Низкий
около 10 лет назад
debian логотип
CVE-2015-5963

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1 ...

CVSS2: 5
8%
Низкий
около 10 лет назад
ubuntu логотип
CVE-2015-5963

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

CVSS2: 5
8%
Низкий
около 10 лет назад
ubuntu логотип
CVE-2015-5964

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

CVSS2: 5
8%
Низкий
около 10 лет назад
fstec логотип
BDU:2015-11320

Уязвимость фреймворка для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

CVSS2: 5
8%
Низкий
около 10 лет назад
fstec логотип
BDU:2015-11321

Уязвимость фреймворка для веб-приложений Django, позволяющая нарушителю вызвать отказ в обслуживании

CVSS2: 5
8%
Низкий
около 10 лет назад
redhat логотип
CVE-2015-5963

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

CVSS2: 5
8%
Низкий
около 10 лет назад

Уязвимостей на страницу

Поделиться