DSA-3010-1 python-django -- python-djangoID: oval:org.secpod.oval:def:601763 | Date: (C)2014-09-04 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0480 Florian Apolloner discovered that in certain situations, URL reversing could generate scheme-relative URLs which could unexpectedly redirect a user to a different host, leading to phishing attacks. CVE-2014-0481 David Wilson reported a file upload denial of service vulnerability. Django"s file upload handling in its default configuration may degrade to producing a huge number of `os.stat` system calls when a duplicate filename is uploaded. A remote attacker with the ability to upload files can cause poor performance in the upload handler, eventually causing it to become very slow. CVE-2014-0482 David Greisen discovered that under some circumstances, the use of the RemoteUserMiddleware middleware and the RemoteUserBackend authentication backend could result in one user receiving another user"s session, if a change to the REMOTE_USER header occurred without corresponding logout/login actions. CVE-2014-0483 Collin Anderson discovered that it is possible to reveal any field"s data by modifying the "popup" and "to_field" parameters of the query string on an admin change form page. A user with access to the admin interface, and with sufficient knowledge of model structure and the appropriate URLs, could construct popup views which would display the values of non-relationship fields, including fields the application developer had not intended to expose in such a fashion.