Количество 7
Количество 7
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, ...
SUSE-SU-2025:01952-1
Security update for python-Django
GHSA-7xr5-9hcq-chf9
Django Improper Output Neutralization for Logs vulnerability
BDU:2025-06450
Уязвимость функции django.utils.log.log_response() программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ на изменение данных в журнале
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 4 | 0% Низкий | 14 дней назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 5.4 | 0% Низкий | 15 дней назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 4 | 0% Низкий | 14 дней назад |
| CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, ... | CVSS3: 4 | 0% Низкий | 14 дней назад |
 | SUSE-SU-2025:01952-1 Security update for python-Django | 0% Низкий | 6 дней назад | |
| GHSA-7xr5-9hcq-chf9 Django Improper Output Neutralization for Logs vulnerability | CVSS3: 4 | 0% Низкий | 14 дней назад |
 | BDU:2025-06450 Уязвимость функции django.utils.log.log_response() программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ на изменение данных в журнале | CVSS3: 4 | 0% Низкий | 16 дней назад |
Уязвимостей на страницу