Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Django Framework
- Search Type: Search All
- CPE Name Search: false
- CPE Vendor: cpe:/:djangoproject
- CPE Product: cpe:/:djangoproject:django
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-0473 |
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. Published: April 23, 2014; 11:55:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1443 |
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. Published: September 23, 2013; 4:55:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |