purl | pkg:pypi/django@1.7b1 |
Tags | Ghost |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-1zka-nz8a-aaab (Aliases: CVE-2014-3730, GHSA-vq3h-3q7v-9prw, PYSEC-2014-20) | The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com." | Affected by 0 other vulnerabilities. |
VCID-cw41-fuky-aaak (Aliases: CVE-2014-1418, GHSA-q7q2-qf2q-rw3w, PYSEC-2014-19) | Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers. | Affected by 0 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2024-09-17T22:26:50.832021+00:00 | GitLab Importer | Affected by | VCID-cw41-fuky-aaak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-1418.yml | 34.0.1 |
2024-09-17T22:26:44.899941+00:00 | GitLab Importer | Affected by | VCID-1zka-nz8a-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-3730.yml | 34.0.1 |
2024-01-03T17:52:48.150304+00:00 | GitLab Importer | Affected by | VCID-cw41-fuky-aaak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-1418.yml | 34.0.0rc1 |
2024-01-03T17:52:43.284081+00:00 | GitLab Importer | Affected by | VCID-1zka-nz8a-aaab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2014-3730.yml | 34.0.0rc1 |