DSA-3544-1 python-django -- python-django
ID: oval:org.secpod.oval:def:602464 | Date: (C)2016-04-28 (M)2022-09-22 | Class: PATCH | Family: unix
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-2512: Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication credentials are incorrectly handled, potentially allowing a remote attacker to perform a malicious redirect or a cross-site scripting attack.

CVE-2016-2513: Sjoerd Job Postmus discovered that Django allows user enumeration through a timing difference on password hasher work factor upgrades.
Platform:
Debian 8.x
Debian 7.x