CVE-2015-0220 Medium Severity Vulnerability detected by WhiteSource #16
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2015-0220 - Medium Severity Vulnerability
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
path: /example-python/requirements.txt
Library home page: https://pypi.python.org/packages/d2/29/1935a5825b8820d1e398ab83f0730d483ec731fae34745ddac8318cf6ac8/Django-1.7.1-py2.py3-none-any.whl
Dependency Hierarchy:
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
Publish Date: 2015-01-16
URL: CVE-2015-0220
Base Score Metrics not available
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-0220
Release Date: 2015-01-16
Fix Resolution: 1.4.18,1.6.10,1.7.3
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: