Back to search
CVE-2015-5144
Published: Jul 14, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2015-1dd5bc998f
vendor-advisory
x_refsource_FEDORA
GLSA-201510-06
vendor-advisory
x_refsource_GENTOO
https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
x_refsource_CONFIRM
openSUSE-SU-2015:1802
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2015:1813
vendor-advisory
x_refsource_SUSE
DSA-3305
vendor-advisory
x_refsource_DEBIAN
75665
vdb-entry
x_refsource_BID
USN-2671-1
vendor-advisory
x_refsource_UBUNTU
1032820
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now