PT-2025-23836 · Django+5

Seokchan Yoon

Published 2025-06-04 · Updated 2026-01-15

CVE-2025-48432

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Django versions 4.2 through 4.2.22
Django versions 5.1 through 5.1.10
Django versions 5.2 through 5.2.2

Description

An issue was discovered in Django where internal HTTP response logging does not escape request.path, allowing remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. Approximately 1,696,617 results are found to be potentially affected.

Recommendations

For Django version 4.2, update to version 4.2.22 or later.
For Django version 5.1, update to version 5.1.10 or later.
For Django version 5.2, update to version 5.2.2 or later.
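The description above says that the response logger writes request.path unescaped, so a path carrying control characters can break or forge a log line. The following is an added, self-contained Python illustration of the defensive check (it is not Django's code and does not reproduce the upstream fix): a hypothetical `sanitize_for_log` helper escapes control characters before the value reaches the log, and `log_response_line` shows the difference between the unescaped and the escaped form on a constructed sample path. The function names and the sample path are assumptions made for this example.

```python
import io
import logging

# Hypothetical helper (not Django's own): render ASCII/C1 control characters
# as \xNN escapes so a logged value can never span or terminate a log line.
def sanitize_for_log(value: str) -> str:
    out = []
    for ch in value:
        code = ord(ch)
        if code < 0x20 or code == 0x7F or 0x80 <= code < 0xA0:
            out.append("\\x%02x" % code)
        else:
            out.append(ch)
    return "".join(out)


def log_response_line(status: int, path: str, safe: bool = True) -> str:
    """Format a response log message the way a framework logger might.

    safe=False mirrors the vulnerable behaviour (path interpolated as-is);
    safe=True applies the sanitizer first.
    """
    shown = sanitize_for_log(path) if safe else path
    return f"Not Found: {shown}" if status == 404 else f"{status}: {shown}"


def emit_and_capture(status: int, path: str, safe: bool) -> str:
    """Send the message through the stdlib logging module and return what
    a line-oriented log consumer would see."""
    buf = io.StringIO()
    logger = logging.getLogger(f"demo.{'safe' if safe else 'unsafe'}")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.WARNING)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.warning(log_response_line(status, path, safe))
    handler.flush()
    return buf.getvalue()


def physical_lines(status: int, path: str, safe: bool) -> int:
    """Number of physical lines a log consumer would split the record into."""
    return len(emit_and_capture(status, path, safe).rstrip("\n").split("\n"))


if __name__ == "__main__":
    # Constructed sample: a path containing a newline and a carriage return.
    sample = "/missing\r\nforged second line"
    print(emit_and_capture(404, sample, safe=False))  # two physical lines
    print(emit_and_capture(404, sample, safe=True))   # one physical line
```

The check that matters for a log pipeline is the line count: with the unescaped path the single record is read as two lines, one of them attacker-controlled, while the sanitized form keeps one record and preserves the original bytes for later inspection.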

Fix

SQL injection


Weakness Enumeration

Related identifiers

ALT-PU-2025-10176
BDU:2025-06450
BDU:2025-11748
BIT-DJANGO-2025-48432
CVE-2025-48432
DLA-4210-1
ECHO-5AC0-DAB3-BD4D
GHSA-7XR5-9HCQ-CHF9
MGASA-2025-0193
OESA-2025-1617
OESA-2025-1618
OESA-2025-1619
OESA-2025-1642
OESA-2025-1643
OPENSUSE-SU-2025:15267-1
OPENSUSE-SU-2025:15268-1
OPENSUSE-SU-2026:10005-1
PYSEC-2025-47
RHSA-2025:14686
RHSA-2025:16487
SUSE-SU-2025:01952-1
SUSE-SU-2025:02248-1
USN-7555-1
USN-7555-2
USN-7555-3

Affected products

Alt Linux
Debian
Django
Linuxmint
Red Os
Ubuntu