Search for packages
Package details: pkg:pypi/django@1.7.0a0
purl pkg:pypi/django@1.7.0a0
Tags Ghost
Next non-vulnerable version 4.2.22
Latest non-vulnerable version 5.2.2
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-2rmr-7q84-aaas
Aliases:
CVE-2015-5145
GHSA-cqf7-ff9h-7967
PYSEC-2015-21
validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
1.7.9
Affected by 22 other vulnerabilities.
1.8.3
Affected by 24 other vulnerabilities.
VCID-482k-kc8y-aaas
Aliases:
CVE-2015-5143
GHSA-h582-2pch-3xv3
PYSEC-2015-20
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
1.7.9
Affected by 22 other vulnerabilities.
1.8.3
Affected by 24 other vulnerabilities.
VCID-c4q6-kpvv-aaar
Aliases:
CVE-2015-5144
GHSA-q5qw-4364-5hhm
PYSEC-2015-10
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
1.7.9
Affected by 22 other vulnerabilities.
1.8.3
Affected by 24 other vulnerabilities.
VCID-hbqw-6pkz-aaaj
Aliases:
GMS-2015-21
Denial-of-service possibility in logout() view by filling session store A session can be created when anonymously accessing the `django.contrib.auth.views.logout` view (provided it wasn't decorated with `django.contrib.auth.decorators.login_required` as done in the admin). This allows an attacker to easily create many new session records by sending repeated requests, potentially filling up the session store or causing other users' session records to be evicted.
1.7.10
Affected by 19 other vulnerabilities.
1.8.4
Affected by 22 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:26:48.795813+00:00 GitLab Importer Affected by VCID-2rmr-7q84-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-5145.yml 34.0.1
2024-09-17T22:26:48.620043+00:00 GitLab Importer Affected by VCID-hbqw-6pkz-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/GMS-2015-21.yml 34.0.1
2024-09-17T22:26:44.795521+00:00 GitLab Importer Affected by VCID-482k-kc8y-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-5143.yml 34.0.1
2024-09-17T22:26:40.842895+00:00 GitLab Importer Affected by VCID-c4q6-kpvv-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-5144.yml 34.0.1
2024-01-03T17:52:46.183649+00:00 GitLab Importer Affected by VCID-2rmr-7q84-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-5145.yml 34.0.0rc1
2024-01-03T17:52:46.099559+00:00 GitLab Importer Affected by VCID-hbqw-6pkz-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/GMS-2015-21.yml 34.0.0rc1
2024-01-03T17:52:43.185381+00:00 GitLab Importer Affected by VCID-482k-kc8y-aaas https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-5143.yml 34.0.0rc1
2024-01-03T17:52:39.690302+00:00 GitLab Importer Affected by VCID-c4q6-kpvv-aaar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2015-5144.yml 34.0.0rc1