Benjamin Bach

**Name of the Vulnerable Software and Affected Versions** Django versions prior to 1.4.11 Django versions 1.5.x prior to 1.5.6 Django versions 1.6.x prior to 1.6.3 Django versions 1.7.x prior to 1.7 beta 2 **Description** The issue allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." This can be achieved through the django.core.urlresolvers.reverse function. **Recommendations** For Django versions prior to 1.4.11, update to version 1.4.11 or later. For Django versions 1.5.x prior to 1.5.6, update to version 1.5.6 or later. For Django versions 1.6.x prior to 1.6.3, update to version 1.6.3 or later. For Django versions 1.7.x prior to 1.7 beta 2, update to version 1.7 beta 2 or later.