DEBIAN-CVE-2019-12781

DEBIAN-CVE-2019-12781 PUBLISHED CVSS 5.300000190734863 MEDIUM

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

Risk Scores

CVSS 3.0

5.300000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:12	python-django	0, 0, 0
Debian:11	python-django	0, 0, 0
Debian:14	python-django	0, 0, 0
Debian:13	python-django	0, 0, 0

Timeline

Jul 1, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-12781 advisory

Open in Interactive Console →