Main Vulnerability Database SB2015071412

SB2015071412 - Input validation error in Django

Published: July 14, 2015 Updated: July 28, 2020

Security Bulletin ID SB2015071412

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2015-5144)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Remediation

Install update from vendor's website.

SB2015071412 - Input validation error in Django

Breakdown by Severity

Description

Remediation

References