Search for packages
| purl | pkg:pypi/django@0.96.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-14ux-yqja-aaar
Aliases: CVE-2007-5712 GHSA-9v8h-57gv-qch6 PYSEC-2007-1 |
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
Affected by 0 other vulnerabilities. Affected by 44 other vulnerabilities. |
|
VCID-e394-dfbt-aaaj
Aliases: CVE-2009-2659 GHSA-9xg7-gg9m-rmq9 PYSEC-2009-3 |
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. |
Affected by 0 other vulnerabilities. Affected by 45 other vulnerabilities. Affected by 44 other vulnerabilities. |
|
VCID-k7je-vdc4-aaar
Aliases: CVE-2008-3909 GHSA-r5cj-wv24-92p5 PYSEC-2008-2 |
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests. |
Affected by 0 other vulnerabilities. Affected by 44 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||