CVE-2014-0472

Published: 23/04/2014 Updated: 07/01/2017
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

The django.core.urlresolvers.reverse function in Django prior to 1.4.11, 1.5.x prior to 1.5.6, 1.6.x prior to 1.6.3, and 1.7.x prior to 1.7 beta 2 allows remote malicious users to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."

Vulnerable Products

djangoproject django (version unspecified)
djangoproject django 1.4
djangoproject django 1.4.1
djangoproject django 1.4.2
djangoproject django 1.4.3
djangoproject django 1.4.4
djangoproject django 1.4.5
djangoproject django 1.4.6
djangoproject django 1.4.7
djangoproject django 1.4.8
djangoproject django 1.4.9
djangoproject django 1.5
djangoproject django 1.5.1
djangoproject django 1.5.2
djangoproject django 1.5.3
djangoproject django 1.5.4
djangoproject django 1.5.5
djangoproject django 1.6
djangoproject django 1.6.1
djangoproject django 1.6.2
djangoproject django 1.7
canonical ubuntu linux 10.04
canonical ubuntu linux 12.04
canonical ubuntu linux 12.10
canonical ubuntu linux 13.10
canonical ubuntu linux 14.04

Vendor Advisories

Several security issues were fixed in Django ...
USN-2169-1 introduced a regression in Django ...
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0472: Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() URL resolver function. An attacker able ...
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path" ...

Github Repositories

CVE-2014-0472: Django unexpected code execution using reverse()

CVE-2014-0472. Usage: run docker-compose up -d, then access localhost:8083. Reference: www.djangoproject.com/weblog/2014/apr/21/security/. One or more views are present which construct a URL based on user input (commonly, a "next" parameter in a querystring indicating where to redirect upon successful completion of an action). One or