cpe:2.3:a:djangoproject:django:1.6.3:*:*:*:*:*:*:*
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.
Source: MITRE
Max CVSS
4.9
EPSS Score
0.11%
Published
2021-06-08
Updated
2022-02-25
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
Source: MITRE
Max CVSS
9.8
EPSS Score
19.78%
Published
2019-12-18
Updated
2020-01-08
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-10-03
Updated
2018-01-05

CVE-2016-6186

Public exploit
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.37%
Published
2016-08-05
Updated
2018-10-09
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.73%
Published
2015-12-07
Updated
2016-12-07
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.61%
Published
2015-07-14
Updated
2017-09-22
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
Source: MITRE
Max CVSS
7.8
EPSS Score
13.53%
Published
2015-07-14
Updated
2017-09-22
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.32%
Published
2015-03-25
Updated
2018-10-30
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.
Source: MITRE
Max CVSS
5.0
EPSS Score
1.08%
Published
2015-03-25
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.25%
Published
2015-03-12
Updated
2016-12-03
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.
Source: Red Hat, Inc.
Max CVSS
5.0
EPSS Score
2.69%
Published
2015-01-16
Updated
2016-12-22
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
Source: Red Hat, Inc.
Max CVSS
5.0
EPSS Score
11.99%
Published
2015-01-16
Updated
2016-12-22
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
Source: Red Hat, Inc.
Max CVSS
4.3
EPSS Score
0.74%
Published
2015-01-16
Updated
2016-12-22
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
Source: Red Hat, Inc.
Max CVSS
5.0
EPSS Score
0.79%
Published
2015-01-16
Updated
2016-12-22
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
Source: Debian GNU/Linux
Max CVSS
4.3
EPSS Score
0.45%
Published
2014-05-16
Updated
2018-10-30
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
Source: Canonical Ltd.
Max CVSS
6.4
EPSS Score
0.50%
Published
2014-05-16
Updated
2017-01-07
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.
Source: Debian GNU/Linux
Max CVSS
3.5
EPSS Score
0.21%
Published
2014-08-26
Updated
2018-10-30
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.
Source: Debian GNU/Linux
Max CVSS
6.0
EPSS Score
0.39%
Published
2014-08-26
Updated
2018-10-30
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.
Source: Debian GNU/Linux
Max CVSS
4.3
EPSS Score
2.34%
Published
2014-08-26
Updated
2018-10-30
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
Source: Debian GNU/Linux
Max CVSS
5.8
EPSS Score
0.46%
Published
2014-08-26
Updated
2018-10-30
20 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!