CVE-2015-8213
Publication date 24 November 2015
Last updated 24 July 2024
Ubuntu priority
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
Status
Package | Ubuntu Release | Status |
---|---|---|
python-django | ||
14.04 LTS trusty |
Fixed 1.6.1-2ubuntu0.11
|
|
References
Related Ubuntu Security Notices (USN)
- USN-2816-1
- Django vulnerability
- 24 November 2015