Django Software Foundation · Django · CVE-2019-12781
**Name of the Vulnerable Software and Affected Versions**
Django versions 1.11 before 1.11.22
Django versions 2.1 before 2.1.10
Django versions 2.2 before 2.2.3
**Description**
`django.http.HttpRequest.scheme` behaves incorrectly when a client connects over HTTP but the proxy connects to Django over HTTPS, and the `SECURE_PROXY_SSL_HEADER` and `SECURE_SSL_REDIRECT` settings are in use. The flaw is in request processing: HTTP requests are identified as HTTPS requests. A remote attacker may exploit this issue to gain access to protected information.
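The scheme decision described above, as an added example: a simplified model written for this page, not Django's source code. The function names and the request environments are hypothetical and constructed, and the header tuple is a typical `SECURE_PROXY_SSL_HEADER` value. It shows why an HTTP client request is not redirected in the affected versions and is redirected in the fixed ones.

```python
# Simplified model of the scheme decision; not Django's source code.
# Typical setting value: (META key, value that means "secure").
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def scheme_affected(meta):
    """Affected behaviour: the header only counts when it says 'https'."""
    header, secure_value = SECURE_PROXY_SSL_HEADER
    if meta.get(header) == secure_value:
        return "https"
    # A header saying "http" is ignored; the proxy-to-Django hop decides.
    return meta["wsgi.url_scheme"]


def scheme_fixed(meta):
    """Fixed behaviour: when the header is present it decides either way."""
    header, secure_value = SECURE_PROXY_SSL_HEADER
    value = meta.get(header)
    if value is not None:
        return "https" if value == secure_value else "http"
    return meta["wsgi.url_scheme"]


def would_redirect(scheme_fn, meta):
    """SECURE_SSL_REDIRECT-style check: redirect only non-HTTPS requests."""
    return scheme_fn(meta) != "https"


# Constructed environments; the proxy-to-Django hop is HTTPS in all three.
CLIENT_HTTP = {"wsgi.url_scheme": "https", "HTTP_X_FORWARDED_PROTO": "http"}
CLIENT_HTTPS = {"wsgi.url_scheme": "https", "HTTP_X_FORWARDED_PROTO": "https"}
NO_HEADER = {"wsgi.url_scheme": "https"}

if __name__ == "__main__":
    cases = [("client http", CLIENT_HTTP),
             ("client https", CLIENT_HTTPS),
             ("no header", NO_HEADER)]
    for name, meta in cases:
        print(name,
              "affected:", scheme_affected(meta),
              "fixed:", scheme_fixed(meta),
              "redirect after fix:", would_redirect(scheme_fixed, meta))
```

When the header is absent, both versions fall back to the proxy-to-Django connection, so the proxy must set the header on every request it forwards.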
**Recommendations**
For Django versions 1.11 before 1.11.22, update to version 1.11.22 or later.
For Django versions 2.1 before 2.1.10, update to version 2.1.10 or later.
For Django versions 2.2 before 2.2.3, update to version 2.2.3 or later.