Download
| Alert*
|
oval:org.secpod.oval:def:109842
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. oval:org.secpod.oval:def:52631 python-django: High-level Python web development framework Django could be made to expose sensitive information over the network. oval:org.secpod.oval:def:602284 Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application"s settings. oval:org.secpod.oval:def:109883 Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. oval:org.secpod.oval:def:2101786 The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. oval:org.secpod.oval:def:702856 python-django: High-level Python web development framework Django could be made to expose sensitive information over the network. |
