CVE-2014-0472

Name of the Vulnerable Software and Affected Versions Django versions prior to 1.4.11 Django versions 1.5.x prior to 1.5.6 Django versions 1.6.x prior to 1.6.3 Django versions 1.7.x prior to 1.7 beta 2

Description The issue allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." This can be achieved through the django.core.urlresolvers.reverse function.

Recommendations For Django versions prior to 1.4.11, update to version 1.4.11 or later. For Django versions 1.5.x prior to 1.5.6, update to version 1.5.6 or later. For Django versions 1.6.x prior to 1.6.3, update to version 1.6.3 or later. For Django versions 1.7.x prior to 1.7 beta 2, update to version 1.7 beta 2 or later.