CVE-2011-0698 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=1.1 <1.1.4 || >=1.2 <1.2.5
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00719 (percentile: 0.71612)
Details
Directory traversal in Django
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
Metadata
Created: 2018-07-23T19:52:31Z
Modified: 2024-09-16T21:55:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-7g9h-c88w-r7h2/GHSA-7g9h-c88w-r7h2.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-7g9h-c88w-r7h2
Finding: F063
Auto approve: 1