PT-2014-3645 · Django Software Foundation+1 · Django+1
Michael Koziarski
·
Published
2014-04-22
·
Updated
2022-05-17
·
CVE-2014-0474
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Django versions prior to 1.4.11
Django versions 1.5.x prior to 1.5.6
Django versions 1.6.x prior to 1.6.3
Django versions 1.7.x prior to 1.7 beta 2
Description
The issue is related to the
FilePathField, GenericIPAddressField, and IPAddressField model field classes in Django, which do not properly perform type conversion. This allows remote attackers to have an unspecified impact, related to "MySQL typecasting."Recommendations
For Django versions prior to 1.4.11, update to version 1.4.11 or later.
For Django versions 1.5.x prior to 1.5.6, update to version 1.5.6 or later.
For Django versions 1.6.x prior to 1.6.3, update to version 1.6.3 or later.
For Django versions 1.7.x prior to 1.7 beta 2, update to version 1.7 beta 2 or later.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Django
Ubuntu