| purl | pkg:deb/debian/python-django@1.7.1-1.1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5g4y-1qmy-27bd | ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries. | CVE-2015-0222, GHSA-6g95-x6cj-mg4v, PYSEC-2015-7 |
| VCID-bgmv-mf3x-bkew | The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file. | CVE-2015-0221, GHSA-jhjg-w2cp-5j44, PYSEC-2015-6 |
| VCID-spwd-dz6f-5fh9 | The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL. | CVE-2015-0220, GHSA-gv98-g628-m9x5, PYSEC-2015-5 |
| VCID-t8ec-st1v-s3e5 | Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header. | CVE-2015-0219, GHSA-7qfw-j7hp-v45g, PYSEC-2015-4 |