Description
CVE-2015-5144 - Medium Severity Vulnerability
Vulnerable Library - Django-1.4.1.tar.gz
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
path: /test1111/requirements.txt
Library home page: https://pypi.python.org/packages/e6/3f/f3e67d9c2572765ffe4268fc7f9997ce3b02e78fd144733f337d72dabb12/Django-1.4.1.tar.gz
Dependency Hierarchy:
- ❌ Django-1.4.1.tar.gz (Vulnerable Library)
Found in HEAD commit: ea978d1774903e4022b7273f99c76e52271d67fa
Vulnerability Details
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.
Publish Date: 2015-07-14
URL: CVE-2015-5144
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201510-06
Release Date: 2015-10-31
Fix Resolution: All Django 1.8 users should upgrade to the latest version >= django-1.8.3. All Django 1.7 users should upgrade to the latest version >= django-1.7.9. All Django 1.4 users should upgrade to the latest version >= django-1.4.21.