PYSEC-2011-12

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2011-12.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2011-12

Aliases

CVE-2011-0698
GHSA-7g9h-c88w-r7h2

Published

2011-02-14T21:00:00Z

Modified

2023-11-08T03:56:58.477620Z

Summary

[none]

Details

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

References

http://www.djangoproject.com/weblog/2011/feb/08/security/
http://openwall.com/lists/oss-security/2011/02/09/6
http://www.securityfocus.com/bid/46296
http://secunia.com/advisories/43230
http://www.vupen.com/english/advisories/2011/0372
http://www.mandriva.com/security/advisories?name=MDVSA-2011:031
http://www.vupen.com/english/advisories/2011/0439
https://github.com/advisories/GHSA-7g9h-c88w-r7h2

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1

Fixed

1.1.4

Introduced

1.2

Fixed

1.2.5

Affected versions

1.*

1.1

1.1.1

1.1.2

1.1.3

1.2

1.2.1

1.2.2

1.2.3

1.2.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2011-12.yaml"