An issue exists in Django 1.11 prior to 1.11.22, 2.1 prior to 2.1.10, and 2.2 prior to 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django |
||
canonical ubuntu linux 16.04 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |
||
canonical ubuntu linux 19.04 |