CVE-2014-0474 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=0 <1.4.11 || >=1.5 <1.5.6 || >=1.6 <1.6.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
EPSS: 0.06294 (percentile: 0.90566)
Details
Django Vulnerable to MySQL Injection
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."
Metadata
Created: 2022-05-17T03:07:04Z
Modified: 2025-04-13T23:27:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wqjj-hx84-v449/GHSA-wqjj-hx84-v449.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-wqjj-hx84-v449
Finding: F297
Auto approve: 1