CVE-2012-4520
Publication date 30 October 2012
Last updated 24 July 2024
Ubuntu priority
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
Status
Package | Ubuntu Release | Status |
---|---|---|
python-django | 12.10 quantal |
Fixed 1.4.1-2ubuntu0.1
|
12.04 LTS precise |
Fixed 1.3.1-4ubuntu1.3
|
|
11.10 oneiric |
Fixed 1.3-2ubuntu1.4
|
|
10.04 LTS lucid |
Fixed 1.1.1-2ubuntu1.6
|
|
8.04 LTS hardy | Ignored end of life |
Notes
Patch details
Package | Patch details |
---|---|
python-django |
|
References
Related Ubuntu Security Notices (USN)
- USN-1757-1
- Django vulnerabilities
- 7 March 2013
- USN-1632-1
- Django vulnerability
- 15 November 2012