5.3
CVE-2025-48432
- EPSS 0.41%
- Veröffentlicht 05.06.2025 00:00:00
- Zuletzt bearbeitet 15.10.2025 17:47:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Djangoproject ≫ Django Version >= 4.2 < 4.2.23
Djangoproject ≫ Django Version >= 5.1 < 5.1.11
Djangoproject ≫ Django Version >= 5.2 < 5.2.3
Debian ≫ Debian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.613 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| cve@mitre.org | 4 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
|
CWE-117 Improper Output Neutralization for Logs
The product does not neutralize or incorrectly neutralizes output that is written to logs.