Publish Advisories
GHSA-2655-q453-22f9 GHSA-vjjp-9r83-22rc
This commit is contained in:
Родитель
2cc642fb50
Коммит
01530de4ab
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"schema_version": "1.4.0",
|
||||
"id": "GHSA-2655-q453-22f9",
|
||||
"modified": "2023-08-29T22:33:16Z",
|
||||
"modified": "2024-09-18T18:56:00Z",
|
||||
"published": "2022-05-17T05:10:31Z",
|
||||
"aliases": [
|
||||
"CVE-2012-4520"
|
||||
|
@ -9,13 +9,20 @@
|
|||
"summary": "Django Allows Arbitrary URL Generation",
|
||||
"details": "The `django.http.HttpRequest.get_host` function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.",
|
||||
"severity": [
|
||||
|
||||
{
|
||||
"type": "CVSS_V3",
|
||||
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
|
||||
},
|
||||
{
|
||||
"type": "CVSS_V4",
|
||||
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
|
||||
}
|
||||
],
|
||||
"affected": [
|
||||
{
|
||||
"package": {
|
||||
"ecosystem": "PyPI",
|
||||
"name": "django"
|
||||
"name": "Django"
|
||||
},
|
||||
"ranges": [
|
||||
{
|
||||
|
@ -34,7 +41,7 @@
|
|||
{
|
||||
"package": {
|
||||
"ecosystem": "PyPI",
|
||||
"name": "django"
|
||||
"name": "Django"
|
||||
},
|
||||
"ranges": [
|
||||
{
|
||||
|
@ -70,39 +77,7 @@
|
|||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=865164"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://ubuntu.com/usn/usn-1632-1"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://ubuntu.com/usn/usn-1757-1"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://web.archive.org/web/20140417023920/http://securitytracker.com/id?1027708"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://www.debian.org/security/2013/dsa-2634"
|
||||
"url": "https://www.openwall.com/lists/oss-security/2012/10/30/4"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
|
@ -110,14 +85,86 @@
|
|||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://www.openwall.com/lists/oss-security/2012/10/30/4"
|
||||
"url": "https://www.debian.org/security/2013/dsa-2634"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://web.archive.org/web/20140417023920/http://securitytracker.com/id?1027708"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://ubuntu.com/usn/usn-1757-1"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://ubuntu.com/usn/usn-1632-1"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2012-7.yaml"
|
||||
},
|
||||
{
|
||||
"type": "PACKAGE",
|
||||
"url": "https://github.com/django/django"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=865164"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691145"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090666.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090904.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090970.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://ubuntu.com/usn/usn-1632-1"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://ubuntu.com/usn/usn-1757-1"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://www.debian.org/security/2013/dsa-2634"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2012/10/30/4"
|
||||
}
|
||||
],
|
||||
"database_specific": {
|
||||
"cwe_ids": [
|
||||
"CWE-20"
|
||||
],
|
||||
"severity": "MODERATE",
|
||||
"severity": "HIGH",
|
||||
"github_reviewed": true,
|
||||
"github_reviewed_at": "2023-08-29T22:33:16Z",
|
||||
"nvd_published_at": "2012-11-18T23:55:00Z"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"schema_version": "1.4.0",
|
||||
"id": "GHSA-vjjp-9r83-22rc",
|
||||
"modified": "2023-08-28T23:57:36Z",
|
||||
"modified": "2024-09-18T18:57:02Z",
|
||||
"published": "2022-05-17T04:56:46Z",
|
||||
"aliases": [
|
||||
"CVE-2013-4315"
|
||||
|
@ -12,13 +12,17 @@
|
|||
{
|
||||
"type": "CVSS_V3",
|
||||
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
|
||||
},
|
||||
{
|
||||
"type": "CVSS_V4",
|
||||
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
|
||||
}
|
||||
],
|
||||
"affected": [
|
||||
{
|
||||
"package": {
|
||||
"ecosystem": "PyPI",
|
||||
"name": "django"
|
||||
"name": "Django"
|
||||
},
|
||||
"ranges": [
|
||||
{
|
||||
|
@ -37,7 +41,7 @@
|
|||
{
|
||||
"package": {
|
||||
"ecosystem": "PyPI",
|
||||
"name": "django"
|
||||
"name": "Django"
|
||||
},
|
||||
"ranges": [
|
||||
{
|
||||
|
@ -71,6 +75,10 @@
|
|||
"type": "PACKAGE",
|
||||
"url": "https://github.com/django/django"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2013-20.yaml"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued"
|
||||
|
@ -83,14 +91,6 @@
|
|||
"type": "WEB",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-1521.html"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://secunia.com/advisories/54772"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://secunia.com/advisories/54828"
|
||||
},
|
||||
{
|
||||
"type": "WEB",
|
||||
"url": "http://www.debian.org/security/2013/dsa-2755"
|
||||
|
|
Загрузка…
Ссылка в новой задаче