Django的开发团队致力于负责的报告和披露安全相关问题,如Django的安全策略所述。
作为承诺的一部分,我们保留了以下历史清单,这些问题已经被修正和披露。 对于每个问题,下面的列表包括日期,简要说明,CVE标识符(如果适用),受影响版本列表,到完整披露的链接以及指向相应修补程序的链接。
一些重要的注意事项适用于以下信息:
Some security issues were handled before Django had a formalized security process in use. For these, new releases may not have been issued at the time and CVEs may not have been assigned.
Filename validation issue in translation framework. Full description
Apparent “caching” of authenticated user. Full description
All other security issues have been handled under versions of Django’s security process. These are listed below.
Denial-of-service via arbitrarily-large Accept-Language header. Full
description
XSS via admin login redirect. Full description
CSRF via preservation of POST data during admin login. Full description
Directory-traversal in development server media handler. Full description
Denial-of-service via pathological regular expression performance. Full description
XSS via trusting unsafe cookie value. Full description
Information leakage in administrative interface. Full description
Denial-of-service in password-reset mechanism. Full description
CSRF via forged HTTP headers. Full description
XSS via unsanitized names of uploaded files. Full description
Directory-traversal on Windows via incorrect path-separator handling. Full description
Session manipulation when using memory-cache-backed session. Full description
Denial-of-service via URLField.verify_exists. Full description
信息泄漏/通过URLField.verify_exists发出任意请求。
Full description
Host header cache poisoning. Full description
Potential CSRF via Host header. Full description
This notification was an advisory only, so no patches were issued.
XSS via failure to validate redirect scheme. Full description
Denial-of-service via compressed image files. Full description
Denial-of-service via large image files. Full description
Host header poisoning. Full description
Additional hardening of Host header handling. Full description
Additional hardening of redirect validation. Full description
Additional hardening of Host header handling. Full description
Entity-based attacks against Python XML libraries. Full description
Information leakage via admin history log. Full description
Denial-of-service via formset max_num bypass. Full description
XSS via admin trusting URLField values. Full description
Possible XSS via unvalidated URL redirect schemes. Full description
Directory-traversal via ssi template tag. Full description
Denial-of-service via large passwords. Full description
Unexpected code execution using reverse(). Full description
Caching of anonymous pages could reveal CSRF token. Full description
MySQL typecasting causes unexpected query results. Full description
Caches may be allowed to store and serve private data. Full description
Malformed URLs from user input incorrectly validated. Full description
reverse() can generate URLs pointing to other hosts. Full description
File upload denial of service. Full description
RemoteUserMiddleware session hijacking. Full description
Data leakage via querystring manipulation in admin. Full description
WSGI header spoofing via underscore/dash conflation. Full description
Mitigated possible XSS attack via user-supplied redirect URLs. Full description
Denial-of-service attack against django.views.static.serve(). Full
description
Database denial-of-service with ModelMultipleChoiceField. Full description
XSS attack via properties in ModelAdmin.readonly_fields. Full description
Denial-of-service possibility with strip_tags(). Full description
Mitigated possible XSS attack via user-supplied redirect URLs. Full description
Fixed session flushing in the cached_db backend. Full description
Denial-of-service possibility by filling session store. Full description
Header injection possibility since validators accept newlines in input. Full description
Denial-of-service possibility in URL validation. Full description
Denial-of-service possibility in logout() view by filling session store.
Full description
Settings leak possibility in date template filter. Full description
User with “change” but not “add” permission can create objects for
ModelAdmin’s with save_as=True. Full description
Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth. Full description
User enumeration through timing difference on password hasher work factor upgrade. Full description
XSS in admin’s add/change related popup. Full description
CSRF protection bypass on a site with Google Analytics. Full description
User with hardcoded password created when running tests on Oracle. Full description
DNS rebinding vulnerability when DEBUG=True. Full description
Open redirect and possible XSS attack via user-supplied numeric redirect URLs. Full description
Open redirect vulnerability in django.views.static.serve(). Full
description
Possible XSS in traceback section of technical 500 debug page. Full description
2017年9月6日