CVE-2014-0474

Name of the Vulnerable Software and Affected Versions Django versions prior to 1.4.11 Django versions 1.5.x prior to 1.5.6 Django versions 1.6.x prior to 1.6.3 Django versions 1.7.x prior to 1.7 beta 2

Description The issue is related to the FilePathField, GenericIPAddressField, and IPAddressField model field classes in Django, which do not properly perform type conversion. This allows remote attackers to have an unspecified impact, related to "MySQL typecasting."

Recommendations For Django versions prior to 1.4.11, update to version 1.4.11 or later. For Django versions 1.5.x prior to 1.5.6, update to version 1.5.6 or later. For Django versions 1.6.x prior to 1.6.3, update to version 1.6.3 or later. For Django versions 1.7.x prior to 1.7 beta 2, update to version 1.7 beta 2 or later.