CVE-2014-0472
Published: 22 April 2014
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."
Priority
Status
Package | Release | Status |
---|---|---|
python-django Launchpad, Ubuntu, Debian |
lucid |
Released
(1.1.1-2ubuntu1.10)
|
precise |
Released
(1.3.1-4ubuntu1.9)
|
|
quantal |
Released
(1.4.1-2ubuntu0.5)
|
|
saucy |
Released
(1.5.4-1ubuntu1.1)
|
|
trusty |
Released
(1.6.1-2ubuntu0.1)
|
|
upstream |
Released
(1.4.11,1.5.6,1.6.3)
|