Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6xs7-fpvj-mbbw
Vulnerability ID VCID-6xs7-fpvj-mbbw
Aliases PYSEC-2019-80
Summary An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
https://docs.djangoproject.com/en/dev/releases/security/
https://groups.google.com/forum/#!topic/django-announce/Is4kLY9ZcZQ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
https://seclists.org/bugtraq/2019/Jul/10
https://security.netapp.com/advisory/ntap-20190705-0002/
https://usn.ubuntu.com/4043-1/
https://www.debian.org/security/2019/dsa-4476
https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
http://www.openwall.com/lists/oss-security/2019/07/01/3
http://www.securityfocus.com/bid/109018
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-04-01T15:00:54.529250+00:00 PyPI Importer Import https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0