CVE-2014-0480
Published: 26 August 2014
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
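The scheme-relative behaviour described above can be checked for in generated URLs; the following is an added example, not code from Django or from this advisory. `build_path` is a hypothetical stand-in for a URL reverser, the sample values are constructed, and percent-encoding the second slash is shown as one possible mitigation.

```python
from urllib.parse import urlsplit

def classify(url):
    """Return 'absolute', 'scheme-relative' or 'local' for a generated URL."""
    parts = urlsplit(url)
    if parts.scheme:
        return "absolute"
    # "//host/path" has no scheme but still names a host; "///path" is
    # flagged too because it also begins with a double slash.
    if parts.netloc or url.startswith("//"):
        return "scheme-relative"
    return "local"

def keep_on_host(url):
    """Percent-encode the second leading slash so the URL stays a path."""
    if classify(url) == "scheme-relative":
        return "/%2F" + url[2:]
    return url

def build_path(prefix, value):
    """Hypothetical stand-in for a URL reverser: prefix + caller-supplied value."""
    return prefix + value

# Constructed sample values, not taken from any real application.
SAMPLES = [
    build_path("/", "accounts/login/"),
    build_path("/", "/other-host.example/login/"),
    "https://www.example.com/login/",
]

def audit(urls):
    """Map each URL to (classification, URL with any leading '//' neutralised)."""
    return {u: (classify(u), keep_on_host(u)) for u in urls}

if __name__ == "__main__":
    for url, (kind, fixed) in audit(SAMPLES).items():
        print(f"{url!r:45} {kind:16} -> {fixed!r}")
```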
Priority
Status
Package | Release | Status |
---|---|---|
python-django (Launchpad, Ubuntu, Debian) | lucid | Released (1.1.1-2ubuntu1.13) |
 | precise | Released (1.3.1-4ubuntu1.12) |
 | trusty | Released (1.6.1-2ubuntu0.4) |
 | upstream | Released (1.6.6-1) |

Patches:
vendor: https://www.debian.org/security/2014/dsa-3010
upstream: https://github.com/django/django/commit/c2fe73133b62a1d9e8f7a6b43966570b14618d7e
upstream: https://github.com/django/django/commit/da051da8df5e69944745072611351d4cfc6435d5