CVE-2015-8213
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2015-8213
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-8213.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2015-8213
- Aliases
- Related
- Published
- 2015-12-07T20:59:17Z
- Modified
- 2024-09-18T01:00:21Z
- Summary
- [none]
- Details
-
The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY.
- References
-
- http://rhn.redhat.com/errata/RHSA-2016-0129.html
- http://rhn.redhat.com/errata/RHSA-2016-0156.html
- http://rhn.redhat.com/errata/RHSA-2016-0157.html
- http://rhn.redhat.com/errata/RHSA-2016-0158.html
- http://www.debian.org/security/2015/dsa-3404
- http://www.ubuntu.com/usn/USN-2816-1
- https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
- https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html
- http://www.securityfocus.com/bid/77750
- http://www.securitytracker.com/id/1034237
- https://security-tracker.debian.org/tracker/CVE-2015-8213
Affected packages
Debian:11 / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/debian/python-django?arch=source
Debian:12 / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/debian/python-django?arch=source
Debian:13 / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/debian/python-django?arch=source