High severity · NVD Advisory · Published Nov 18, 2012 · Updated Jun 16, 2026
CVE-2012-4520
Description
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Django (PyPI) | >= 1.3, < 1.3.4 | 1.3.4 |
| Django (PyPI) | >= 1.4, < 1.4.2 | 1.4.2 |
Affected products
- cpe:2.3:a:djangoproject:django:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.3:alpha1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.4.1:*:*:*:*:*:*:*
References
- www.djangoproject.com/weblog/2012/oct/17/security/ (nvd; Patch, Vendor Advisory)
- secunia.com/advisories/51033 (nvd; Vendor Advisory)
- secunia.com/advisories/51314 (nvd; Vendor Advisory)
- github.com/advisories/GHSA-2655-q453-22f9 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-4520 (ghsa; ADVISORY)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd; WEB)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html (nvd; WEB)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html (nvd; WEB)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html (nvd; WEB)
- ubuntu.com/usn/usn-1632-1 (nvd; WEB)
- ubuntu.com/usn/usn-1757-1 (nvd; WEB)
- www.debian.org/security/2013/dsa-2634 (nvd; WEB)
- www.openwall.com/lists/oss-security/2012/10/30/4 (nvd; WEB)
- bugs.debian.org/cgi-bin/bugreport.cgi (ghsa; WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd; WEB)
- github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3 (nvd; WEB)
- github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e (nvd; WEB)
- github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071 (nvd; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-7.yaml (ghsa; WEB)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html (ghsa; WEB)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html (ghsa; WEB)
- lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html (ghsa; WEB)
- ubuntu.com/usn/usn-1632-1 (ghsa; WEB)
- ubuntu.com/usn/usn-1757-1 (ghsa; WEB)
- web.archive.org/web/20140417023920/http://securitytracker.com/id (ghsa; WEB)
- www.debian.org/security/2013/dsa-2634 (ghsa; WEB)
- www.djangoproject.com/weblog/2012/oct/17/security (ghsa; WEB)
- www.openwall.com/lists/oss-security/2012/10/30/4 (ghsa; WEB)
- securitytracker.com/id (nvd)
- www.osvdb.org/86493 (nvd)