Safety vulnerability ID: 35519
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Django 1.4.13, 1.5.8, 1.6.5 and 1.7b4 include a fix for CVE-2014-1418: Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
Latest version: 5.0.4
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
MLIST:[oss-security] 20140514 CVE Reuest: Django: Malformed URLs from user input incorrectly validated: http://www.openwall.com/lists/oss-security/2014/05/14/10
MLIST:[oss-security] 20140514 Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated: http://www.openwall.com/lists/oss-security/2014/05/15/3
CONFIRM:https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
DEBIAN:DSA-2934: http://www.debian.org/security/2014/dsa-2934
SUSE:openSUSE-SU-2014:1132: http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
UBUNTU:USN-2212-1: http://ubuntu.com/usn/usn-2212-1
SECUNIA:61281: http://secunia.com/advisories/61281
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application