django
Page content
- Author: kikadf
- Vulnerable: 1.5.2-2arcturus1
- Unaffected: 1.5.2-2arcturus2
Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. Peter Kuma and Gavin Wahl discovered that Django did not correctly validate some malformed URLs, which are accepted by some browsers.