VulnerableCode Package Details - pkg:ebuild/dev-python/django@1.6.5

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2m9f-3cgw-ekdr	The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.	CVE-2014-0473 GHSA-89hj-xfx5-7q66 PYSEC-2014-2
VCID-q64b-r7td-2yab	Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.	CVE-2014-1418 GHSA-q7q2-qf2q-rw3w PYSEC-2014-19
VCID-qzba-9xmg-3qer	The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."	CVE-2014-0472 GHSA-rvq6-mrpv-m6rm PYSEC-2014-1
VCID-yemh-qd63-wuca	The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."	CVE-2014-0474 GHSA-wqjj-hx84-v449 PYSEC-2014-3

Vulnerability

Summary

Aliases

VCID-2m9f-3cgw-ekdr

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.

CVE-2014-0473
GHSA-89hj-xfx5-7q66
PYSEC-2014-2

VCID-q64b-r7td-2yab

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.

CVE-2014-1418
GHSA-q7q2-qf2q-rw3w
PYSEC-2014-19

VCID-qzba-9xmg-3qer

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."

CVE-2014-0472
GHSA-rvq6-mrpv-m6rm
PYSEC-2014-1

VCID-yemh-qd63-wuca

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

CVE-2014-0474
GHSA-wqjj-hx84-v449
PYSEC-2014-3

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:58:33.239961+00:00	Gentoo Importer	Fixing	VCID-q64b-r7td-2yab	https://security.gentoo.org/glsa/201406-26	38.0.0
2026-04-01T12:58:33.228259+00:00	Gentoo Importer	Fixing	VCID-yemh-qd63-wuca	https://security.gentoo.org/glsa/201406-26	38.0.0
2026-04-01T12:58:33.219275+00:00	Gentoo Importer	Fixing	VCID-2m9f-3cgw-ekdr	https://security.gentoo.org/glsa/201406-26	38.0.0
2026-04-01T12:58:33.209787+00:00	Gentoo Importer	Fixing	VCID-qzba-9xmg-3qer	https://security.gentoo.org/glsa/201406-26	38.0.0