The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-18T23:00:00

Updated: 2024-08-06T20:42:53.672Z

Reserved: 2012-08-21T00:00:00

Link: CVE-2012-4520

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-11-18T23:55:01.040

Modified: 2024-11-21T01:43:03.193

Link: CVE-2012-4520

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-10-17T00:00:00Z

Links: CVE-2012-4520 - Bugzilla