Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.89. Please mark this comment with 👍 or 👎 to give our bot feedback!
CVE-2019-12781 - Medium Severity Vulnerability
Vulnerable Library - django2.1.4
The Web framework for perfectionists with deadlines.
Library home page: https://github.com/django/django.git
Found in HEAD commit: 8eeffab8d1d77cf11239121293a51e659638a659
Library Source Files (654)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
Publish Date: 2019-07-01
URL: CVE-2019-12781
CVSS 3 Score Details (5.3)
Base Score Metrics: