VDB
GCVE-110-MAGEIA-2015-26
GCVE-110-MAGEIA-2015-26
Advisory Published
Jedediah Smith discovered that Django incorrectly handled underscores in
WSGI headers. A remote attacker could possibly use this issue to spoof
headers in certain environments (CVE-2015-0219).
Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to perform a
cross-site scripting attack (CVE-2015-0220).
Alex Gaynor discovered that Django incorrectly handled reading files in
django.views.static.serve(). A remote attacker could possibly use this
issue to cause Django to consume resources, resulting in a denial of
service (CVE-2015-0221).
Keryn Knight discovered that Django incorrectly handled forms with
ModelMultipleChoiceField. A remote attacker could possibly use this issue
to cause a large number of SQL queries, resulting in a database denial of
service. Note that this issue only affected python-django (CVE-2015-0222).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | unoconv | 0 (affected), 0.6-1.20140923.2.mga4 (unaffected) | — |
| Mageia | python-django | 0 (affected), 1.5.9-1.1.mga4 (unaffected), 0 (affected), 1.5.9-1.1.mga4 (unaffected) | — |
| Mageia | python-django14 | 1.4.18-1.1.mga4 (unaffected), 0 (affected), 0 (affected), 1.4.18-1.1.mga4 (unaffected) | — |
References
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.