Critical severity · NVD Advisory · Published Jul 31, 2012 · Updated Jun 16, 2026

CVE-2012-3442

Description

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
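The missing check, sketched as a scheme allowlist applied to a redirect target before it is placed in a Location header. This is an added example, not Django's code; the function names, the exception class, the allowlist contents and the sample targets are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only these schemes may appear in a redirect.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp"})


class UnsafeRedirect(ValueError):
    """Raised when a redirect target carries a scheme outside the allowlist."""


def check_redirect_target(target, allowed=ALLOWED_SCHEMES):
    """Return the cleaned target if it is relative or uses an allowed scheme."""
    # Reject control characters outright: URL parsers and browsers differ in
    # how they strip tabs and newlines, which can hide the real scheme.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        raise UnsafeRedirect("control character in redirect target")
    cleaned = target.strip()  # leading spaces would otherwise mask the scheme
    scheme = urlsplit(cleaned).scheme.lower()
    # An empty scheme means a relative or scheme-relative URL; host validation
    # for those is a separate check and is not covered here.
    if scheme and scheme not in allowed:
        raise UnsafeRedirect("disallowed redirect scheme: %r" % scheme)
    return cleaned


def audit(targets):
    """Map each target to True (accepted) or False (rejected)."""
    results = {}
    for target in targets:
        try:
            check_redirect_target(target)
            results[target] = True
        except UnsafeRedirect:
            results[target] = False
    return results


# Constructed sample inputs, not taken from the advisory.
SAMPLE_TARGETS = [
    "/accounts/profile/",
    "https://example.com/next",
    "data:text/html,hello",
    "DATA:text/html,hello",
    "  data:text/html,hello",
    "\tdata:text/html,hello",
]

if __name__ == "__main__":
    for target, ok in audit(SAMPLE_TARGETS).items():
        print("%-8s %r" % ("allow" if ok else "reject", target))
```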

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| Django (PyPI) | < 1.3.2 | 1.3.2 |
| Django (PyPI) | >= 1.4, < 1.4.1 | 1.4.1 |

Affected products

3
  • cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
    • cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* (range: < 1.3.2)
    • cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.3.2
