purl | pkg:pypi/django@1.8.0 |
Tags | Ghost |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-2rmr-7q84-aaas; Aliases: CVE-2015-5145, GHSA-cqf7-ff9h-7967, PYSEC-2015-21 | validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | Affected by 24 other vulnerabilities. |
VCID-482k-kc8y-aaas; Aliases: CVE-2015-5143, GHSA-h582-2pch-3xv3, PYSEC-2015-20 | The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. | Affected by 24 other vulnerabilities. |
VCID-j2zf-12g6-aaag; Aliases: CVE-2015-5963, GHSA-pgxh-wfw4-jx2v, PYSEC-2015-22 | contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. | Affected by 22 other vulnerabilities. |
VCID-wvz5-nmre-aaaj; Aliases: CVE-2017-7234, GHSA-h4hv-m4h4-mhwg, PYSEC-2017-10 | A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability. | Affected by 13 other vulnerabilities. Affected by 20 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 19 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |