CVE-2015-8213
Published: 24 November 2015
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
Priority
Status
Package | Release | Status |
---|---|---|
python-django Launchpad, Ubuntu, Debian |
precise |
Released
(1.3.1-4ubuntu1.19)
|
trusty |
Released
(1.6.1-2ubuntu0.11)
|
|
upstream |
Released
(1.8.7,1.7.11)
|
|
vivid |
Released
(1.7.6-1ubuntu2.3)
|
|
wily |
Released
(1.7.9-1ubuntu5.1)
|