Main Vulnerability Database SB2015073105

SB2015073105 - Input validation error in py-django (Alpine package)

Published: July 31, 2015

Security Bulletin ID SB2015073105

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2015-5144)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=d94be55640e6ceafed637b25e4620fb72f31d8a4