CVE-2019-12781

Priority
Description
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10,
and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the
proxy connects to Django via HTTPS. In other words,
django.http.HttpRequest.scheme has incorrect behavior when a client uses
HTTP.
Assigned-to
leosilva
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):released (1.8.7-1ubuntu5.9)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:1.11.11-1ubuntu1.4)
Ubuntu 19.10 (Eoan Ermine):not-affected (1:1.11.22-1)
More Information

Updated: 2020-01-29 20:04:44 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)