Vulnerabilities

CVE-2012-4520

by Fred · 18/11/2012

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

Date published : 2012-11-18

https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3

https://github.com/django/django/commit/9305c0e12d43c4df999c3301a1f0c742264a657e

Similar

Tags: Cybersecurity Alert