5.3

CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DjangoprojectDjango Version >= 1.11 < 1.11.22
DjangoprojectDjango Version >= 2.1 < 2.1.10
DjangoprojectDjango Version >= 2.2 < 2.2.3
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.7% 0.742
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://docs.djangoproject.com/en/dev/releases/security/
Patch
Vendor Advisory
https://seclists.org/bugtraq/2019/Jul/10
Third Party Advisory
https://www.debian.org/security/2019/dsa-4476
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
https://usn.ubuntu.com/4043-1/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/01/3
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/109018
Third Party Advisory
https://groups.google.com/forum/#%21topic/django-announce/Is4kLY9ZcZQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VXXWIOQGXOB7JCGJ3CVUW673LDHKEYL/
https://security.netapp.com/advisory/ntap-20190705-0002/
Third Party Advisory
https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
Patch
Vendor Advisory