rpm package
suse/python-Django&distro=SUSE OpenStack Cloud 5
pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%205
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8213 | — | < 1.6.11-13.1 | 1.6.11-13.1 | Dec 7, 2015 | The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_ | ||
| CVE-2015-5963 | — | < 1.6.11-10.2 | 1.6.11-10.2 | Aug 24, 2015 | contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of reque | ||
| CVE-2015-5144 | — | < 1.6.11-10.2 | 1.6.11-10.2 | Jul 14, 2015 | Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the | ||
| CVE-2015-5143 | — | < 1.6.11-10.2 | 1.6.11-10.2 | Jul 14, 2015 | The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. |
- CVE-2015-8213Dec 7, 2015affected < 1.6.11-13.1fixed 1.6.11-13.1
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_
- CVE-2015-5963Aug 24, 2015affected < 1.6.11-10.2fixed 1.6.11-10.2
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of reque
- CVE-2015-5144Jul 14, 2015affected < 1.6.11-10.2fixed 1.6.11-10.2
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the
- CVE-2015-5143Jul 14, 2015affected < 1.6.11-10.2fixed 1.6.11-10.2
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.