CVE-2019-12781

Published: 01 July 2019

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
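The scheme decision described above, as an added example (a simplified stand-alone model, not Django's source code): it compares how an affected release and a fixed release resolve the request scheme, and whether SECURE_SSL_REDIRECT would then redirect. The function names, the X-Forwarded-Proto header choice and the sample requests are assumptions made for illustration.

```python
# Simplified model of how HttpRequest.scheme is resolved (not Django's source).
# Header keys use the WSGI META naming that SECURE_PROXY_SSL_HEADER expects.

# Assumed setting value: the proxy reports the client's scheme in X-Forwarded-Proto.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def scheme_before_fix(meta, wsgi_scheme):
    """Affected releases: a non-matching header falls through to the
    scheme of the proxy-to-Django connection."""
    header, secure_value = SECURE_PROXY_SSL_HEADER
    if meta.get(header) == secure_value:
        return "https"
    return wsgi_scheme


def scheme_after_fix(meta, wsgi_scheme):
    """Fixed releases: when the header is present, it alone decides."""
    header, secure_value = SECURE_PROXY_SSL_HEADER
    value = meta.get(header)
    if value is not None:
        return "https" if value == secure_value else "http"
    return wsgi_scheme


def would_redirect(scheme):
    """SECURE_SSL_REDIRECT only redirects requests seen as insecure."""
    return scheme != "https"


# Constructed cases: (request META, scheme of the proxy-to-Django connection)
CASES = [
    ({"HTTP_X_FORWARDED_PROTO": "http"}, "https"),   # the CVE scenario
    ({"HTTP_X_FORWARDED_PROTO": "https"}, "https"),  # client used HTTPS
    ({"HTTP_X_FORWARDED_PROTO": "http"}, "http"),    # plain HTTP end to end
    ({}, "https"),                                   # header absent
]


def compare():
    """Return (header, proxy_conn, redirect_before, redirect_after) per case."""
    rows = []
    for meta, wsgi in CASES:
        rows.append((meta.get("HTTP_X_FORWARDED_PROTO"), wsgi,
                     would_redirect(scheme_before_fix(meta, wsgi)),
                     would_redirect(scheme_after_fix(meta, wsgi))))
    return rows


if __name__ == "__main__":
    for row in compare():
        print("header=%s proxy_conn=%s redirect_before=%s redirect_after=%s" % row)
```

Only the first case differs between the two models: the client used HTTP, the proxy connected over HTTPS, and the affected logic reports the request as secure, so no redirect is issued.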

Priority

Medium

CVSS 3 base score: 5.3

Status

Package: python-django (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Released (1:1.11.11-1ubuntu1.4)
Ubuntu 16.04 ESM (Xenial Xerus): Released (1.8.7-1ubuntu5.9)
Ubuntu 14.04 ESM (Trusty Tahr): Needs triage