Cross-Site Scripting Vulnerability in Django Framework by Django Software Foundation
CVE-2015-2317

Currently unrated

Key Information:

Vendor

Fedoraproject

Status
Fedora
Debian Linux
Opensuse
Vendor
CVE Published:
25 March 2015

What is CVE-2015-2317?

Django's utils.http.is_safe_url function prior to version 1.8c1 is susceptible to improper URL validation, which invites remote attackers to exploit this gap via malicious URLs containing control characters. This can result in cross-site scripting (XSS) attacks, a significant security risk for web applications relying on Django, allowing attackers to execute arbitrary scripts in the context of the user's browser.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://ubuntu.com/usn/usn-2539-1
vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/73319
vdb-entryx_refsource_BID
http://www.debian.org/security/2015/dsa-3204
vendor-advisoryx_refsource_DEBIAN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.