{"url":"http://public2.vulnerablecode.io/api/packages/8263?format=json","purl":"pkg:pypi/django@1.7b4","type":"pypi","namespace":"","name":"django","version":"1.7b4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.7rc3","latest_non_vulnerable_version":"6.0.5","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34879?format=json","vulnerability_id":"VCID-71t1-69yq-c7h6","summary":"Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html"},{"reference_url":"http://secunia.com/advisories/61281","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61281"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1abcf3a808b35abae5d425ed4d44cb6e886dc769","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/1abcf3a808b35abae5d425ed4d44cb6e886dc769"},{"reference_url":"https://github.com/django/django/commit/28e23306aa53bbbb8fb87db85f99d970b051026c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/28e23306aa53bbbb8fb87db85f99d970b051026c"},{"reference_url":"https://github.com/django/django/commit/4001ec8698f577b973c5a540801d8a0bbea1205b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/4001ec8698f577b973c5a540801d
8a0bbea1205b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-19.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-19.yaml"},{"reference_url":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued"},{"reference_url":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/"},{"reference_url":"http://ubuntu.com/usn/usn-2212-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-2212-1"},{"reference_url":"http://www.debian.org/security/2014/dsa-2934","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-2934"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/05/14/10","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/05/14/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/05/15/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/05/15/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1418","reference_id":"CVE-2014-1418","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1418"},{"reference_url":"https://github.com/advisories/GHSA-q7q2-qf2q-rw3w","reference_id":"GHSA-q7q2-qf2q-rw3w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q7q2-qf2q-rw3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8260?format=json","purl":"pkg:pypi/django@1.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-k
fg7"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VCID-dh12-js4b-h7fw"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-kq8u-td31-uqaa"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-th75-ys47-d3h8"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/8261?format=json","purl":"pkg:pypi/django@1.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VCID-dh12-js4b-h7fw"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.8"},{"url":"http://public2.vulnerabl
ecode.io/api/packages/8262?format=json","purl":"pkg:pypi/django@1.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VCID-dh12-js4b-h7fw"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vacy-878s-3kfb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/8263?format=json","purl":"pkg:pypi/django@1.7b4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7b4"}],"aliases":["CVE-2014-1418","GHSA-q7q2-qf2q-rw3w","PYSEC-2014-19"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71t1-69yq-c7h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34878?format=json","vulnerability_id":"VCID-9bqp-b6rw-mye7","summary":"The django.utils.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by 
\"http:\\\\\\djangoproject.com.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html"},{"reference_url":"http://secunia.com/advisories/61281","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61281"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/601107524523bca02376a0ddc1a06c6fdb8f22f3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/601107524523bca02376a0ddc1a06c6fdb8f22f3"},{"reference_url":"https://github.com/django/django/commit/7feb54bbae3f637ab3c4dd4831d4385964f574df","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/7feb54bbae3f637ab3c4dd4831d4385964f574df"},{"reference_url":"https://github.com/django/django/commit/ad32c218850ad40972dcef57beb460f8c979dd6d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/django/django/commit/ad32c218850ad40972dcef57beb460f8c979dd6d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-20.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2014-20.yaml"},{"reference_url":"https://web.archive.org/web/20200228171223/http://www.securityfocus.com/bid/67410","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228171223/http://www.securityfocus.com/bid/67410"},{"reference_url":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued"},{"reference_url
":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/","reference_id":"","reference_type":"","scores":[],"url":"https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/"},{"reference_url":"http://ubuntu.com/usn/usn-2212-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-2212-1"},{"reference_url":"http://www.debian.org/security/2014/dsa-2934","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-2934"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/05/14/10","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/05/14/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/05/15/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2014/05/15/3"},{"reference_url":"http://www.securityfocus.com/bid/67410","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/67410"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3730","reference_id":"CVE-2014-3730","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3730"},{"reference_url":"https://github.com/advisories/GHSA-vq3h-3q7v-9prw","reference_id":"GHSA-vq3h-3q7v-9prw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vq3h-3q7v-9prw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/8260?format=json","purl":"pkg:pypi/django@1.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VC
ID-dh12-js4b-h7fw"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-kq8u-td31-uqaa"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-th75-ys47-d3h8"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/8261?format=json","purl":"pkg:pypi/django@1.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VCID-dh12-js4b-h7fw"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/8262?format=json","purl":"pkg:pypi/django@1.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kza-a88p-kfg7"},{"vulnerability":"VCID-5vmb-d4xp-zfgy"},{"vulnerability":"VCID-6wah-r8vr-5qc4"},{"vulnerability":"VCID-7rz2-nqdn-hycc"},{"vulnerability":"VCID-8gus-er59-1qak"},{"vulnerability":"VCID-
8v2c-7739-2ugp"},{"vulnerability":"VCID-912q-3eks-4yfm"},{"vulnerability":"VCID-9mpt-zxaw-kkeg"},{"vulnerability":"VCID-bahz-gfxv-e3b2"},{"vulnerability":"VCID-dh12-js4b-h7fw"},{"vulnerability":"VCID-jfya-694v-myar"},{"vulnerability":"VCID-ksh8-pazn-dbca"},{"vulnerability":"VCID-mccp-khb9-qkb7"},{"vulnerability":"VCID-r7tk-79xy-jkhj"},{"vulnerability":"VCID-rxxr-sseq-k7a9"},{"vulnerability":"VCID-ta66-7qrm-sbhu"},{"vulnerability":"VCID-u4a7-uvcb-9kf8"},{"vulnerability":"VCID-u6sd-648r-qbdb"},{"vulnerability":"VCID-vacy-878s-3kfb"},{"vulnerability":"VCID-vdpf-jddk-syda"},{"vulnerability":"VCID-weqb-fxu4-17e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/8263?format=json","purl":"pkg:pypi/django@1.7b4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7b4"}],"aliases":["CVE-2014-3730","GHSA-vq3h-3q7v-9prw","PYSEC-2014-20"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bqp-b6rw-mye7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/django@1.7b4"}