Package details: pkg:rpm/redhat/Django14@1.4.11-1?arch=el6ost
purl pkg:rpm/redhat/Django14@1.4.11-1?arch=el6ost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-2m9f-3cgw-ekdr
Aliases:
CVE-2014-0473
GHSA-89hj-xfx5-7q66
PYSEC-2014-2
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
There are no reported fixed by versions.
VCID-qzba-9xmg-3qer
Aliases:
CVE-2014-0472
GHSA-rvq6-mrpv-m6rm
PYSEC-2014-1
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."
There are no reported fixed by versions.
VCID-yemh-qd63-wuca
Aliases:
CVE-2014-0474
GHSA-wqjj-hx84-v449
PYSEC-2014-3
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:48:18.533099+00:00 | RedHat Importer | Affected by | VCID-yemh-qd63-wuca | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0474.json | 38.0.0 |
| 2026-04-01T14:48:18.509445+00:00 | RedHat Importer | Affected by | VCID-2m9f-3cgw-ekdr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0473.json | 38.0.0 |
| 2026-04-01T14:48:18.484654+00:00 | RedHat Importer | Affected by | VCID-qzba-9xmg-3qer | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0472.json | 38.0.0 |