CVE-2025-48432

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-48432

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48432.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48432

Aliases

Related

Published

2025-06-05T03:15:25Z

Modified

2025-06-06T16:27:39.810419Z

Downstream

DLA-4210-1

Summary

[none]

Details

An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

References

Affected packages

Debian:11 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.2.28-1~deb11u7

Affected versions

2:2.*

2:2.2.24-1

2:2.2.25-1~deb11u1

2:2.2.26-1~deb11u1

2:2.2.28-1~deb11u1

2:2.2.28-1~deb11u2

2:2.2.28-1~deb11u3

2:2.2.28-1~deb11u4

2:2.2.28-1~deb11u5

2:2.2.28-1~deb11u6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3:3.*

3:3.2.19-1

3:3.2.19-1+deb12u1~bpo11+1

3:3.2.19-1+deb12u1

3:3.2.19-1+deb12u2

3:3.2.20-1

3:3.2.20-1.1

3:3.2.21-1

3:4.*

3:4.1-1

3:4.1.1-1

3:4.1.2-1

3:4.1.3-1

3:4.1.4-1

3:4.1.5-1

3:4.2~alpha1-1

3:4.2~beta1-1

3:4.2~rc1-1

3:4.2-1

3:4.2.1-1

3:4.2.2-1

3:4.2.3-1

3:4.2.4-1

3:4.2.5-1

3:4.2.5-2

3:4.2.6-1

3:4.2.8-1

3:4.2.9-1

3:4.2.10-1

3:4.2.11-1

3:4.2.13-1

3:4.2.14-1

3:4.2.15-1~bpo12+1

3:4.2.15-1

3:4.2.16-1

3:4.2.17-1

3:4.2.17-2

3:4.2.18-1~bpo12+1

3:4.2.18-1

3:4.2.19-1~bpo12+1

3:4.2.19-1

3:4.2.20-1~bpo12+1

3:4.2.20-1

3:4.2.21-1~bpo12+1

3:4.2.21-1

3:4.2.22-1

3:5.*

3:5.0~alpha1-1

3:5.0~rc1-1

3:5.0-1

3:5.0.1-1

3:5.0.2-1

3:5.0.3-1

3:5.0.4-1

3:5.0.6-1

3:5.1~alpha1-1

3:5.1~beta1-1

3:5.1~rc1-1

3:5.1-1

3:5.1.1-1

3:5.1.2-1

3:5.1.3-1

3:5.1.4-1

3:5.1.5-1

3:5.2~alpha1-1

3:5.2~beta1-1

3:5.2~rc1-1

3:5.2-1

3:5.2.1-1

3:5.2.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / python-django

Package

Name: python-django
Purl: pkg:deb/debian/python-django?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3:3.*

3:3.2.19-1

3:3.2.20-1

3:3.2.20-1.1

3:3.2.21-1

3:4.*

3:4.1-1

3:4.1.1-1

3:4.1.2-1

3:4.1.3-1

3:4.1.4-1

3:4.1.5-1

3:4.2~alpha1-1

3:4.2~beta1-1

3:4.2~rc1-1

3:4.2-1

3:4.2.1-1

3:4.2.2-1

3:4.2.3-1

3:4.2.4-1

3:4.2.5-1

3:4.2.5-2

3:4.2.6-1

3:4.2.8-1

3:4.2.9-1

3:4.2.10-1

3:4.2.11-1

3:4.2.13-1

3:4.2.14-1

3:4.2.15-1~bpo12+1

3:4.2.15-1

3:4.2.16-1

3:4.2.17-1

3:4.2.17-2

3:4.2.18-1~bpo12+1

3:4.2.18-1

3:4.2.19-1~bpo12+1

3:4.2.19-1

3:4.2.20-1~bpo12+1

3:4.2.20-1

3:4.2.21-1~bpo12+1

3:4.2.21-1

3:4.2.22-1

3:5.*

3:5.0~alpha1-1

3:5.0~rc1-1

3:5.0-1

3:5.0.1-1

3:5.0.2-1

3:5.0.3-1

3:5.0.4-1

3:5.0.6-1

3:5.1~alpha1-1

3:5.1~beta1-1

3:5.1~rc1-1

3:5.1-1

3:5.1.1-1

3:5.1.2-1

3:5.1.3-1

3:5.1.4-1

3:5.1.5-1

3:5.2~alpha1-1

3:5.2~beta1-1

3:5.2~rc1-1

3:5.2-1

3:5.2.1-1

3:5.2.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}