The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-11-18T23:00:00
Updated: 2024-08-06T20:42:53.672Z
Reserved: 2012-08-21T00:00:00
Link: CVE-2012-4520
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-11-18T23:55:01.040
Modified: 2024-11-21T01:43:03.193
Link: CVE-2012-4520
Redhat