Django prior to 1.4.21, 1.5.x through 1.6.x, 1.7.x prior to 1.7.9, and 1.8.x prior to 1.8.3 uses an incorrect regular expression, which allows remote malicious users to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in (1) an email message passed to the EmailValidator, (2) a URL passed to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
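The regular-expression behaviour behind this class of flaw, as an added example that is not code from this page or from Django: in Python, a `$` anchor also matches just before a single trailing newline, while `\Z` matches only at the true end of the string. The slug patterns, sample inputs and helper names below are simplified assumptions made for illustration.

```python
import re

# Simplified slug patterns written for this example (assumptions, not Django source).
# Python's `$` also matches just before one trailing "\n"; `\Z` matches only at
# the very end of the string.
WEAK_SLUG = re.compile(r"^[-a-zA-Z0-9_]+$")
STRICT_SLUG = re.compile(r"^[-a-zA-Z0-9_]+\Z")

# Constructed sample inputs.
SAMPLES = ["my-slug", "my-slug\n", "my-slug\nX-Extra: 1"]


def is_valid_slug(value, strict=True):
    """Return True when value passes the chosen slug pattern."""
    pattern = STRICT_SLUG if strict else WEAK_SLUG
    return pattern.match(value) is not None


def compare(values):
    """Return (value, weak_result, strict_result) for each input."""
    return [(v, is_valid_slug(v, strict=False), is_valid_slug(v)) for v in values]


def ends_with_dollar_anchor(source):
    """Audit helper: True when a pattern source ends in an unescaped `$`."""
    if not source.endswith("$"):
        return False
    body = source[:-1]
    trailing_backslashes = len(body) - len(body.rstrip("\\"))
    return trailing_backslashes % 2 == 0


def safe_header_value(value):
    """Defence in depth: refuse CR or LF in anything written into a header."""
    if "\r" in value or "\n" in value:
        raise ValueError("header value contains a line break")
    return value


if __name__ == "__main__":
    for value, weak, strict in compare(SAMPLES):
        print(f"{value!r:24} weak={weak!s:5} strict={strict}")
    print(ends_with_dollar_anchor(WEAK_SLUG.pattern))
```

The audit helper can be run over the pattern sources of custom validators in a code base to find ones that need `\Z`; the header check applies regardless of which validator produced the value.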
Vulnerable Product |
---|
canonical ubuntu linux 15.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 12.04 |
djangoproject django |
djangoproject django 1.5 |
djangoproject django 1.5.2 |
djangoproject django 1.5.3 |
djangoproject django 1.6 |
djangoproject django 1.6.4 |
djangoproject django 1.6.5 |
djangoproject django 1.7 |
djangoproject django 1.7.5 |
djangoproject django 1.7.6 |
djangoproject django 1.8.2 |
djangoproject django 1.5.4 |
djangoproject django 1.5.5 |
djangoproject django 1.6.6 |
djangoproject django 1.6.7 |
djangoproject django 1.7.7 |
djangoproject django 1.7.8 |
djangoproject django 1.5.1 |
djangoproject django 1.5.10 |
djangoproject django 1.5.6 |
djangoproject django 1.5.7 |
djangoproject django 1.5.8 |
djangoproject django 1.6.1 |
djangoproject django 1.6.10 |
djangoproject django 1.6.8 |
djangoproject django 1.6.9 |
djangoproject django 1.7.1 |
djangoproject django 1.7.2 |
djangoproject django 1.7.9 |
djangoproject django 1.8 |
djangoproject django 1.5.11 |
djangoproject django 1.5.12 |
djangoproject django 1.5.9 |
djangoproject django 1.6.2 |
djangoproject django 1.6.3 |
djangoproject django 1.7.3 |
djangoproject django 1.7.4 |
djangoproject django 1.8.0 |
djangoproject django 1.8.1 |
debian debian linux 7.0 |
debian debian linux 8.0 |
oracle solaris 11.3 |