| Field | Value |
|---|---|
| purl | pkg:pypi/django@1.1.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-97zd-8qnf-aaak (Aliases: CVE-2011-0698, GHSA-7g9h-c88w-r7h2, PYSEC-2011-12) | Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays. | Affected by 42 other vulnerabilities. |
| VCID-n45x-dafe-aaam (Aliases: CVE-2011-0696, GHSA-5j2h-h5hg-3wf8, PYSEC-2011-10) | Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447. | Affected by 42 other vulnerabilities. |
| VCID-uvku-wexv-aaak (Aliases: CVE-2011-0697, GHSA-8m3r-rv5g-fcpq, PYSEC-2011-11) | Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. | Affected by 42 other vulnerabilities. |
| VCID-z1hp-6qm3-aaac (Aliases: CVE-2009-3695, GHSA-p6m5-h7pp-v2x5, PYSEC-2009-4) | Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. | Affected by 43 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |