PT-2016-5174 · Django Software Foundation+2 · Django+2

Mark Striemer

Publicado

2016-03-01

Atualizado

2024-06-15

CVE-2016-2512

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Django versions 1.8.0 through 1.8.9 Django versions 1.9.0 through 1.9.2

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication. This is demonstrated by a URL such as http://mysite.example.com@attacker.com, which could be used to trick users into revealing sensitive information.

Recommendations For Django versions 1.8.0 through 1.8.9, update to version 1.8.10 or later. For Django versions 1.9.0 through 1.9.2, update to version 1.9.3 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2016-2173

CVE-2016-2512

DSA-3544-1

GHSA-PW27-W7W4-9QC7

MGASA-2016-0096

OPENSUSE-SU-2024:10361-1

PYSEC-2016-15

RHSA-2016:0502

RHSA-2016:0503

RHSA-2016:0504

RHSA-2016:0505

RHSA-2016:0506

SUSE-SU-2018:1102-1

SUSE-SU-2018:1828-1

SUSE-SU-2018:1830-1

USN-2915-1

USN-2915-2

USN-2915-3

Produtos afetados

Alt Linux

Django

Ubuntu

PT-2016-5174 · Django Software Foundation+2 · Django+2

CVE-2016-2512

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 67