PT-2011-2568 · Django · Django

Paul Mcmillan

Published

2011-02-14

Updated

2018-07-23

CVE-2011-0698

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Django versions 1.1.x through 1.1.3 Django versions 1.2.x through 1.2.4

Description A directory traversal issue might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

Recommendations For Django versions 1.1.x through 1.1.3, update to version 1.1.4 or later. For Django versions 1.2.x through 1.2.4, update to version 1.2.5 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2011-0698

GHSA-7G9H-C88W-R7H2

PYSEC-2011-12

Affected Products

Django

PT-2011-2568 · Django · Django

CVE-2011-0698

Weakness Enumeration

Related Identifiers

Affected Products

References · 17