| purl | pkg:rpm/redhat/Django14@1.4.8-1?arch=el6ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-gwme-keqv-kkgr; Aliases: CVE-2013-6044, GHSA-9cwg-mhxf-hh59, PYSEC-2013-21 | The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme. | There are no reported fixed by versions. |
| VCID-qjqs-zfd5-ckbt; Aliases: CVE-2013-4315, GHSA-vjjp-9r83-22rc, PYSEC-2013-20 | Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:50:19.575794+00:00 | RedHat Importer | Affected by | VCID-gwme-keqv-kkgr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6044.json | 38.0.0 |
| 2026-04-01T14:50:11.777577+00:00 | RedHat Importer | Affected by | VCID-qjqs-zfd5-ckbt | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4315.json | 38.0.0 |