CVE-2012-3442
published 2012-07-31

Priority: P4 17 medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
EPSS: 2.07% (79.1th percentile)
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.

Affected (5 ranges)

Vendor        | Product       | Version range                          | Fixed in
debian        | python-django | < python-django 1.4.1-1 (bookworm)      | python-django 1.4.1-1 (bookworm)
djangoproject | django        | < 1.3.2                                | 1.3.2
djangoproject | django        |                                        |
djangoproject | django        | >= 0 < 1.3.2                           | 1.3.2
djangoproject | django        | >= 1.4 < 1.4.1                         | 1.4.1

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v2.0    | 4.3   | MEDIUM   | AV:N/AC:M/Au:N/C:N/I:P/A:N
osv           |         | 4.3   | MEDIUM   |
vendor_debian |         | 4.3   | MEDIUM   |
vendor_ubuntu |         | 4.3   | MEDIUM   |