Количество 8
Количество 8
GHSA-7xr5-9hcq-chf9
Django Improper Output Neutralization for Logs vulnerability
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, ...
SUSE-SU-2025:02248-1
Security update for python-Django
SUSE-SU-2025:01952-1
Security update for python-Django
BDU:2025-06450
Уязвимость функции django.utils.log.log_response() программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ на изменение данных в журнале
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-7xr5-9hcq-chf9 Django Improper Output Neutralization for Logs vulnerability | CVSS3: 4 | 0% Низкий | 2 месяца назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 4 | 0% Низкий | 2 месяца назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 5.4 | 0% Низкий | 2 месяца назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 4 | 0% Низкий | 2 месяца назад |
| CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, ... | CVSS3: 4 | 0% Низкий | 2 месяца назад |
 | SUSE-SU-2025:02248-1 Security update for python-Django | 0% Низкий | 28 дней назад | |
| SUSE-SU-2025:01952-1 Security update for python-Django | 0% Низкий | около 2 месяцев назад | |
 | BDU:2025-06450 Уязвимость функции django.utils.log.log_response() программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ на изменение данных в журнале | CVSS3: 4 | 0% Низкий | 2 месяца назад |
Уязвимостей на страницу