The django.http.HttpRequest.get_host function in Django 1.3.x prior to 1.3.4 and 1.4.x prior to 1.4.2 allows remote malicious users to generate and display arbitrary URLs via crafted username and password Host header values.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django 1.3.2 |
||
djangoproject django 1.3.3 |
||
djangoproject django 1.3 |
||
djangoproject django 1.3.1 |
||
djangoproject django 1.4 |
||
djangoproject django 1.4.1 |