CVE-2015-5144 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=0 <1.4.21 || >=1.5 <1.7.9 || >=1.8a1 <1.8.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01493 (percentile: 0.80358)
Details
Django Vulnerable to HTTP Response Splitting Attack
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in (1) an email message to the EmailValidator, (2) a URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
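The following is an added example, not Django's code or part of the advisory. It assumes the incorrect regular expression is the common `$` end anchor, which in Python also matches just before a trailing newline, and contrasts it with `\Z`. The slug patterns, helper names and sample inputs are constructed for illustration.

```python
import re

# Simplified slug patterns written for this example (not Django's source).
SLUG_DOLLAR = re.compile(r'^[-a-zA-Z0-9_]+$')   # '$' also matches before a trailing '\n'
SLUG_STRICT = re.compile(r'^[-a-zA-Z0-9_]+\Z')  # '\Z' matches only at the true end


def is_valid(pattern, value):
    """Return True when the validator pattern accepts the value."""
    return pattern.search(value) is not None


def build_header(name, value):
    """Hypothetical helper: serialise one header line, refusing CR/LF in the value.

    A second check at the point of use, so a validator slip cannot reach the wire.
    """
    if '\r' in value or '\n' in value:
        raise ValueError('line break in header value')
    return f'{name}: {value}\r\n'


def audit(patterns):
    """Code-review aid: list pattern strings that end in a bare '$' anchor."""
    return [p for p in patterns if p.endswith('$') and not p.endswith('\\$')]


# Constructed sample inputs: clean value, trailing newline, embedded newline.
SAMPLES = ['my-slug', 'my-slug\n', 'my-slug\nmore']

if __name__ == '__main__':
    for s in SAMPLES:
        print(repr(s), is_valid(SLUG_DOLLAR, s), is_valid(SLUG_STRICT, s))
    print('patterns to review:', audit([SLUG_DOLLAR.pattern, SLUG_STRICT.pattern]))
```

Only the trailing-newline input separates the two patterns, which is why this kind of defect is easy to miss in tests that use clean values.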
Metadata
Created: 2022-05-17T00:48:30Z
Modified: 2024-09-18T16:19:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q5qw-4364-5hhm/GHSA-q5qw-4364-5hhm.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-q5qw-4364-5hhm
Finding: F184
Auto approve: 1