PT-2011-2568 · Django · Django

Paul Mcmillan

·

Publicado

2011-02-14

·

Atualizado

2018-07-23

·

CVE-2011-0698

CVSS v4.0

9.3

Crítica

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Django versions 1.1.x through 1.1.3 Django versions 1.2.x through 1.2.4
Description A directory traversal issue might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
Recommendations For Django versions 1.1.x through 1.1.3, update to version 1.1.4 or later. For Django versions 1.2.x through 1.2.4, update to version 1.2.5 or later.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2011-0698
GHSA-7G9H-C88W-R7H2
PYSEC-2011-12

Produtos afetados

Django