VulnerableCode Package Details - pkg:pypi/django@1.7a1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1zka-nz8a-aaab Aliases: CVE-2014-3730 GHSA-vq3h-3q7v-9prw PYSEC-2014-20	The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."	1.7b4 Affected by 0 other vulnerabilities.
VCID-3wb8-gzmb-aaah Aliases: CVE-2014-0482 GHSA-625g-gx8c-xcmg PYSEC-2014-6	The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.	1.7rc3 Affected by 0 other vulnerabilities.
VCID-cw41-fuky-aaak Aliases: CVE-2014-1418 GHSA-q7q2-qf2q-rw3w PYSEC-2014-19	Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.	1.7b4 Affected by 0 other vulnerabilities.
VCID-vw6v-s1t1-aaaf Aliases: CVE-2014-0483 GHSA-rw75-m7gp-92m3 PYSEC-2014-7	The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.	1.7rc3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1zka-nz8a-aaab
Aliases:
CVE-2014-3730
GHSA-vq3h-3q7v-9prw
PYSEC-2014-20

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."

1.7b4
Affected by 0 other vulnerabilities.

VCID-3wb8-gzmb-aaah
Aliases:
CVE-2014-0482
GHSA-625g-gx8c-xcmg
PYSEC-2014-6

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.

1.7rc3
Affected by 0 other vulnerabilities.

VCID-cw41-fuky-aaak
Aliases:
CVE-2014-1418
GHSA-q7q2-qf2q-rw3w
PYSEC-2014-19

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.

1.7b4
Affected by 0 other vulnerabilities.

VCID-vw6v-s1t1-aaaf
Aliases:
CVE-2014-0483
GHSA-rw75-m7gp-92m3
PYSEC-2014-7

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.

1.7rc3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2024-11-19T19:01:00.287638+00:00	GHSA Importer	Affected by	VCID-cw41-fuky-aaak	https://github.com/advisories/GHSA-q7q2-qf2q-rw3w	34.3.2
2024-10-14T21:47:38.045088+00:00	GitLab Importer	Affected by	VCID-vw6v-s1t1-aaaf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-0483.yml	34.0.2
2024-09-25T22:47:33.774176+00:00	GitLab Importer	Affected by	VCID-cw41-fuky-aaak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-1418.yml	34.0.1
2024-09-25T22:47:26.997864+00:00	GitLab Importer	Affected by	VCID-1zka-nz8a-aaab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-3730.yml	34.0.1
2024-09-25T22:47:23.811819+00:00	GitLab Importer	Affected by	VCID-3wb8-gzmb-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-0482.yml	34.0.1
2024-09-19T01:04:12.828432+00:00	GHSA Importer	Affected by	VCID-3wb8-gzmb-aaah	https://github.com/advisories/GHSA-625g-gx8c-xcmg	34.0.1
2024-09-19T01:04:11.527813+00:00	GHSA Importer	Affected by	VCID-1zka-nz8a-aaab	https://github.com/advisories/GHSA-vq3h-3q7v-9prw	34.0.1
2024-09-19T01:04:11.001477+00:00	GHSA Importer	Affected by	VCID-cw41-fuky-aaak	https://github.com/advisories/GHSA-q7q2-qf2q-rw3w	34.0.1
2024-09-17T22:12:56.343176+00:00	GHSA Importer	Affected by	VCID-vw6v-s1t1-aaaf	https://github.com/advisories/GHSA-rw75-m7gp-92m3	34.0.1
2024-04-29T16:07:06.086060+00:00	GHSA Importer	Affected by	VCID-vw6v-s1t1-aaaf	https://github.com/advisories/GHSA-rw75-m7gp-92m3	34.0.0rc4