Critical severity · NVD Advisory · Published Feb 14, 2011 · Updated Jun 16, 2026
CVE-2011-0698
Description
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 1.1, < 1.1.4 | 1.1.4 |
| Django (PyPI) | >= 1.2, < 1.2.5 | 1.2.5 |
Affected products
- cpe:2.3:a:djangoproject:django:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.2.4:*:*:*:*:*:*:*
References
- openwall.com/lists/oss-security/2011/02/09/6 (nvd; Patch; WEB)
- www.djangoproject.com/weblog/2011/feb/08/security/ (nvd; Patch; Vendor Advisory)
- github.com/advisories/GHSA-7g9h-c88w-r7h2 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-0698 (ghsa; ADVISORY)
- www.djangoproject.com/weblog/2011/feb/08/security (ghsa; WEB)
- www.mandriva.com/security/advisories (nvd; WEB)
- github.com/django/django/commit/194566480b15cf4e294d3f03ff587019b74044b2 (ghsa; WEB)
- github.com/django/django/commit/570a32a047ea56265646217264b0d3dab1a14dbd (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2011-12.yaml (ghsa; WEB)
- web.archive.org/web/20110521033259/http://secunia.com/advisories/43230 (ghsa; WEB)
- web.archive.org/web/20130616104703/http://www.securityfocus.com/bid/46296 (ghsa; WEB)
- secunia.com/advisories/43230 (nvd)
- www.securityfocus.com/bid/46296 (nvd)
- www.vupen.com/english/advisories/2011/0372 (nvd)
- www.vupen.com/english/advisories/2011/0439 (nvd)