VYPR

rpm package

suse/python-Django&distro=SUSE OpenStack Cloud 5

pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%205

Vulnerabilities (4)

  • CVE-2015-8213Dec 7, 2015
    affected < 1.6.11-13.1fixed 1.6.11-13.1

    The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_

  • CVE-2015-5963Aug 24, 2015
    affected < 1.6.11-10.2fixed 1.6.11-10.2

    contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of reque

  • CVE-2015-5144Jul 14, 2015
    affected < 1.6.11-10.2fixed 1.6.11-10.2

    Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the

  • CVE-2015-5143Jul 14, 2015
    affected < 1.6.11-10.2fixed 1.6.11-10.2

    The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.