Django Bugs Let Remote Users Access the Database


Description: Several vulnerabilities were reported in Django. A remote user can obtain potentially sensitive information on the target system. A remote user can gain access to the target system. A remote user can conduct cross-site scripting attacks.

On systems where tests were run with an Oracle database and a password was not manually specified in the database settings TEST dictionary, the system uses a hardcoded password [CVE-2016-9013]. A remote user can connect to the database server using the hardcoded password.

Affected versions: 1.8.x, 1.9.x, 1.10.x

Recommended action: Upgrade to one of the latest branch updates (1.8.16, 1.9.11, 1.10.3).
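
To check a project for the condition described above, the following added example (not code from Django or from this advisory) audits a `DATABASES` setting for Oracle entries whose TEST dictionary sets no password while the installed release predates the fixed versions listed here. The function names and sample settings are constructed for illustration, and it assumes plain numeric version strings such as `1.9.4`.

```python
# Added example: audit a Django DATABASES setting for exposure to CVE-2016-9013.
# Fixed releases come from the advisory above; the sample settings are constructed.

ORACLE_ENGINE = "django.db.backends.oracle"
# Affected branch -> first fixed release in that branch.
FIXED = {(1, 8): (1, 8, 16), (1, 9): (1, 9, 11), (1, 10): (1, 10, 3)}


def parse_version(text):
    """Turn '1.9.4' into (1, 9, 4); a missing patch level counts as 0."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version_text):
    """True if the release is in an affected branch and older than its fix."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    return fixed is not None and version < fixed


def audit(databases, version_text):
    """Return aliases of Oracle databases whose TEST dict sets no password."""
    if not is_affected(version_text):
        return []
    exposed = []
    for alias, conf in databases.items():
        if conf.get("ENGINE") != ORACLE_ENGINE:
            continue
        test_conf = conf.get("TEST") or {}
        # An absent or empty PASSWORD means the test user gets the default one.
        if not test_conf.get("PASSWORD"):
            exposed.append(alias)
    return sorted(exposed)


# Constructed sample settings (aliases, names and values are placeholders).
SAMPLE_DATABASES = {
    "default": {"ENGINE": ORACLE_ENGINE, "NAME": "xe", "TEST": {"USER": "test_app"}},
    "reports": {"ENGINE": ORACLE_ENGINE, "NAME": "xe",
                "TEST": {"USER": "test_rep", "PASSWORD": "set-from-secret-store"}},
    "cache": {"ENGINE": "django.db.backends.sqlite3", "NAME": "cache.db"},
}

if __name__ == "__main__":
    for release in ("1.9.4", "1.10.3"):
        print(release, audit(SAMPLE_DATABASES, release))
```

An alias reported by `audit` needs either an explicit `PASSWORD` in its TEST dictionary or an upgrade to a fixed release; test users already created on the Oracle server while an affected release was in use are worth reviewing separately.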
