Search for packages
Package details: pkg:pypi/django@1.7.0
purl pkg:pypi/django@1.7.0
Tags Ghost
Next non-vulnerable version 4.2.22
Latest non-vulnerable version 5.2.2
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-3d5b-vwf4-aaad
Aliases:
CVE-2015-5964
GHSA-x38m-486c-2wr9
PYSEC-2015-23
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
1.7.10
Affected by 19 other vulnerabilities.
VCID-j2zf-12g6-aaag
Aliases:
CVE-2015-5963
GHSA-pgxh-wfw4-jx2v
PYSEC-2015-22
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
1.7.10
Affected by 19 other vulnerabilities.
1.8.4
Affected by 22 other vulnerabilities.
VCID-pfqz-gzvt-aaac
Aliases:
CVE-2015-0219
GHSA-7qfw-j7hp-v45g
PYSEC-2015-4
Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
1.7.3
Affected by 28 other vulnerabilities.
VCID-u1fv-9zsy-aaac
Aliases:
CVE-2015-0221
GHSA-jhjg-w2cp-5j44
PYSEC-2015-6
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
1.7.3
Affected by 28 other vulnerabilities.
VCID-yr8m-4dhu-aaac
Aliases:
CVE-2015-0220
GHSA-gv98-g628-m9x5
PYSEC-2015-5
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
1.7.3
Affected by 28 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:26:49.717402+00:00 GitLab Importer Affected by VCID-yr8m-4dhu-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-0220.yml 34.0.1
2024-09-17T22:26:44.648629+00:00 GitLab Importer Affected by VCID-u1fv-9zsy-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-0221.yml 34.0.1
2024-09-17T22:26:43.102115+00:00 GitLab Importer Affected by VCID-pfqz-gzvt-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-0219.yml 34.0.1
2024-09-17T22:26:41.050964+00:00 GitLab Importer Affected by VCID-j2zf-12g6-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-5963.yml 34.0.1
2024-09-17T22:14:09.819561+00:00 GHSA Importer Affected by VCID-pfqz-gzvt-aaac https://github.com/advisories/GHSA-7qfw-j7hp-v45g 34.0.1
2024-09-17T22:14:09.282757+00:00 GHSA Importer Affected by VCID-yr8m-4dhu-aaac https://github.com/advisories/GHSA-gv98-g628-m9x5 34.0.1
2024-09-17T22:13:43.182865+00:00 GHSA Importer Affected by VCID-u1fv-9zsy-aaac https://github.com/advisories/GHSA-jhjg-w2cp-5j44 34.0.1
2024-09-17T22:12:49.832530+00:00 GHSA Importer Affected by VCID-3d5b-vwf4-aaad https://github.com/advisories/GHSA-x38m-486c-2wr9 34.0.1
2024-05-08T20:32:37.584722+00:00 GHSA Importer Affected by VCID-3d5b-vwf4-aaad https://github.com/advisories/GHSA-x38m-486c-2wr9 34.0.0rc4
2024-05-07T16:07:50.460014+00:00 GHSA Importer Affected by VCID-j2zf-12g6-aaag https://github.com/advisories/GHSA-pgxh-wfw4-jx2v 34.0.0rc4
2024-04-23T17:41:28.115264+00:00 GHSA Importer Affected by VCID-u1fv-9zsy-aaac https://github.com/advisories/GHSA-jhjg-w2cp-5j44 34.0.0rc4
2024-01-03T17:52:47.141424+00:00 GitLab Importer Affected by VCID-yr8m-4dhu-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-0220.yml 34.0.0rc1
2024-01-03T17:52:43.027040+00:00 GitLab Importer Affected by VCID-u1fv-9zsy-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-0221.yml 34.0.0rc1
2024-01-03T17:52:41.794973+00:00 GitLab Importer Affected by VCID-pfqz-gzvt-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-0219.yml 34.0.0rc1
2024-01-03T17:52:39.872802+00:00 GitLab Importer Affected by VCID-j2zf-12g6-aaag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-5963.yml 34.0.0rc1
2024-01-03T17:44:18.741479+00:00 GHSA Importer Affected by VCID-pfqz-gzvt-aaac https://github.com/advisories/GHSA-7qfw-j7hp-v45g 34.0.0rc1
2024-01-03T17:44:18.128564+00:00 GHSA Importer Affected by VCID-j2zf-12g6-aaag https://github.com/advisories/GHSA-pgxh-wfw4-jx2v 34.0.0rc1
2024-01-03T17:44:17.960026+00:00 GHSA Importer Affected by VCID-yr8m-4dhu-aaac https://github.com/advisories/GHSA-gv98-g628-m9x5 34.0.0rc1
2024-01-03T17:43:53.458404+00:00 GHSA Importer Affected by VCID-u1fv-9zsy-aaac https://github.com/advisories/GHSA-jhjg-w2cp-5j44 34.0.0rc1