Filtered by vendor Djangoproject
Subscribe
Total
106 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4140 | 1 Djangoproject | 1 Django | 2023-12-10 | 6.8 MEDIUM | N/A |
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code. | |||||
CVE-2011-4139 | 1 Djangoproject | 1 Django | 2023-12-10 | 5.0 MEDIUM | N/A |
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request. | |||||
CVE-2011-0696 | 1 Djangoproject | 1 Django | 2023-12-10 | 6.8 MEDIUM | N/A |
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447. | |||||
CVE-2011-0698 | 2 Djangoproject, Microsoft | 2 Django, Windows | 2023-12-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays. | |||||
CVE-2010-4535 | 1 Djangoproject | 1 Django | 2023-12-10 | 5.0 MEDIUM | N/A |
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | |||||
CVE-2009-3695 | 1 Djangoproject | 1 Django | 2023-12-10 | 5.0 MEDIUM | N/A |
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression. |