CVE-2015-5144 - Medium Severity Vulnerability
Vulnerable Library - Django-1.4.1.tar.gz
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
path: /test1111/requirements.txt
Library home page: https://pypi.python.org/packages/e6/3f/f3e67d9c2572765ffe4268fc7f9997ce3b02e78fd144733f337d72dabb12/Django-1.4.1.tar.gz
Dependency Hierarchy:
Found in HEAD commit: 62fc916d94bd6f0b01520b2422e2421c65cf16e4
Vulnerability Details
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
Publish Date: 2015-07-14
URL: CVE-2015-5144
CVSS 2 Score Details (4.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201510-06
Release Date: 2015-10-31
Fix Resolution: All Django 1.8 users should upgrade to the latest version >= django-1.8.3
All Django 1.7 users should upgrade to the latest version >= django-1.7.9
All Django 1.4 users should upgrade to the latest version >= django-1.4.21