Mandriva Linux Security Advisory : python-django (MDVSA-2015:195)
medium Nessus Plugin ID 82618
Language:
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote Mandriva Linux host is missing a security update.Description
A vulnerability has been discovered and corrected in python-django :The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL (CVE-2015-2317).
The updated packages provides a solution for this security issue.
Solution
Update the affected python-django package.Plugin Details
Severity: Medium
ID: 82618
File Name: mandriva_MDVSA-2015-195.nasl
Version: 1.4
Type: local
Family: Mandriva Local Security Checks
Published: 4/7/2015
Updated: 1/14/2021
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: Low
Score: 3
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:python-django, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/7/2015
Reference Information
CVE: CVE-2015-2317
MDVSA: 2015:195