django

Page content
  • Author: Miklos Vajna
  • Vulnerable: 1.3-2
  • Unaffected: 1.3.1-1mores1

Some vulnerabilities have been reported in Django, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service).

  1. An error within the handling of sessions within django.contrib.sessions when using the caching backend can be exploited to manipulate session information. Successful exploitation requires that the session key is known and the application allows attackers to store dictionary-like objects with a valid session key in the cache.
  2. An error when verifying if URLs provided to the “URLField” field type correctly resolve can be exploited to exhaust all of the server’s processes and memory by providing an URL to a malicious server.
  3. An error within the handling of redirect responses when verifying URLs provided to the “URLField” field type can be exploited to e.g. determine the existence of local files on the server by returning a redirect response to a “file://” URL.
  4. An error within the handling of the “X-Forwarded-Host” HTTP header when e.g. generating full URLs for redirect responses can be exploited to conduct cache poisoning attacks.

CVEs: