cpe:/a:djangoproject:django:1.7.10 cpe:/a:djangoproject:django:1.8.0 cpe:/a:djangoproject:django:1.8.1 cpe:/a:djangoproject:django:1.8.2 cpe:/a:djangoproject:django:1.8.3 cpe:/a:djangoproject:django:1.8.4 cpe:/a:djangoproject:django:1.8.5 cpe:/a:djangoproject:django:1.8.6 cpe:/a:djangoproject:django:1.9.0:rc1 CVE-2015-8213 2015-12-07T15:59:17.613-05:00 2016-12-07T13:26:43.987-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2015-12-08T11:12:51.530-05:00 SECTRACK 1034237 BID 77750 DEBIAN DSA-3404 FEDORA FEDORA-2015-323274d412 FEDORA FEDORA-2015-a8c8f60fbd REDHAT RHSA-2016:0129 REDHAT RHSA-2016:0156 REDHAT RHSA-2016:0157 REDHAT RHSA-2016:0158 UBUNTU USN-2816-1 CONFIRM https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4 CONFIRM https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ SUSE openSUSE-SU-2015:2199 SUSE openSUSE-SU-2015:2202 The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.