VDB

GCVE-VVD-MAGEIA-2015-26

GCVE-VVD-MAGEIA-2015-26
Advisory Published
Vulnetix · Advisory published March 10, 2015
Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack (CVE-2015-0220). Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service (CVE-2015-0221). Keryn Knight discovered that Django incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. Note that this issue only affected python-django (CVE-2015-0222).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaunoconv0 (affected), 0.6-1.20140923.2.mga4 (unaffected)
Mageiapython-django140 (affected), 1.4.18-1.1.mga4 (unaffected), 0 (affected), 1.4.18-1.1.mga4 (unaffected)
Mageiapython-django0 (affected), 1.5.9-1.1.mga4 (unaffected), 0 (affected), 1.5.9-1.1.mga4 (unaffected)

Aliases

CVE-2015-0219CVE-2015-0222CVE-2015-0221CVE-2015-0220

Transitive aliases

CNVD-2015-00391EUVD-2015-0016GSD-2015-0220GHSA-jhjg-w2cp-5j44EUVD-2015-0017SUSE-SU-2015:0695-1PYSEC-2015-4CVE-2014-0483VVD-GENTOO-2014-521324CVE-2014-0481OPENSUSE-SU-2024:14133-1GHSA-6g95-x6cj-mg4vCVE-2014-0480EUVD-2015-0007GHSA-296w-6qhq-gf92GSD-2015-0221VVD-MAGEIA-2014-366GHSA-6565-fg86-6jcxCNVD-2015-00389EUVD-2015-0015GHSA-7fq8-4pv5-5w5cEUVD-2014-0013GHSA-625g-gx8c-xcmgEUVD-2014-0015CNVD-2015-01672VVD-GENTOO-2015-542912CNVD-2015-00388CVE-2015-2316VVD-MAGEIA-2015-127GHSA-f7cm-ccfp-3q4rGHSA-rw75-m7gp-92m3EUVD-2015-0013VVD-GENTOO-2015-536586SUSE-SU-2015:1112-1PYSEC-2015-8CVE-2015-2317EUVD-2014-0014GSD-2015-0222GSD-2015-2241GSD-2015-0219GHSA-gv98-g628-m9x5PYSEC-2015-5CVE-2014-0482GHSA-j3j3-jrfh-cm2wSUSE-SU-2015:1109-1GHSA-7qfw-j7hp-v45gOPENSUSE-SU-2024:11218-1PYSEC-2015-6CNVD-2015-00390PYSEC-2015-7CVE-2015-2241VVD-GENTOO-2015-543754EUVD-2015-0018OPENSUSE-SU-2024:10206-1SUSE-SU-2015:0563-1EUVD-2015-0014EUVD-2014-0012

References

Updated python-django and python-django14 packages fix security vulnerabilities
advisory
Updated python-django and python-django14 packages fix security vulnerabilities
advisory
Updated python-django and python-django14 packages fix security vulnerabilities
issue
Updated python-django and python-django14 packages fix security vulnerabilities
issue
Updated unoconv package makes it usable
advisory
Updated unoconv package makes it usable
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›