Количество 9
Количество 9
GHSA-7xr5-9hcq-chf9
Django Improper Output Neutralization for Logs vulnerability
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
CVE-2025-48432
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, ...
SUSE-SU-2025:02248-1
Security update for python-Django
SUSE-SU-2025:01952-1
Security update for python-Django
BDU:2025-06450
Уязвимость функции django.utils.log.log_response() программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ на изменение данных в журнале
ROS-20250924-06
Множественные уязвимости python3-django
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-7xr5-9hcq-chf9 Django Improper Output Neutralization for Logs vulnerability | CVSS3: 4 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 4 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 5.4 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | CVSS3: 4 | 0% Низкий | 6 месяцев назад |
| CVE-2025-48432 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, ... | CVSS3: 4 | 0% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:02248-1 Security update for python-Django | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2025:01952-1 Security update for python-Django | 0% Низкий | 6 месяцев назад | |
 | BDU:2025-06450 Уязвимость функции django.utils.log.log_response() программной платформы для веб-приложений Django, позволяющая нарушителю получить доступ на изменение данных в журнале | CVSS3: 4 | 0% Низкий | 6 месяцев назад |
 | ROS-20250924-06 Множественные уязвимости python3-django | CVSS3: 7.1 | 2 месяца назад |
Уязвимостей на страницу