CVE-2025-48432: An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path…

CVE-2025-48432 [MEDIUM] CWE-117 django: Django Path Injection Vulnerability django: Django Path Injection Vulnerability An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. A flaw was found in Django. The `request.path` component of HTTP requests is not properly escaped when included in internal response logging, allowing remote attackers to manipulate log output through crafted URLs. This vulnerability allows an attacker to inject arbitrary content into Django's internal log files. The consequence is potential information leakage or log file corruption. Statement: The

CVE-2025-48432 Django vulnerability Title: Django vulnerability Summary: Django could be made to log injection if received specially crafted input. It was discovered that Django incorrectly handled certain unescaped request paths. An attacker could possibly use this issue to perform a log injection. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2025-48432 [MEDIUM] CVE-2025-48432: python-django - An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 b... An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. Scope: local bookworm: resolved (fixed in 3:3.2.25-0+deb12u1) bullseye: resolved (fixed in 2:2.2.28-1~deb11u7) forky: resolved (fixed in 3:4.2.23-1) sid: resolved (fixed in 3:4.2.23-1) trixie: resolved (fixed in 3:4.2.23-1)

CVE-2025-48432 [MEDIUM] CWE-117 Django Improper Output Neutralization for Logs vulnerability Django Improper Output Neutralization for Logs vulnerability An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

CVE-2025-48432 CVE-2025-48432: An issue was discovered in Django 5 An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

CVE-2025-48432 [MEDIUM] CVE-2025-48432: An issue was discovered in Django 5 An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

CVE-2025-48432 [MEDIUM] Django Improper Output Neutralization for Logs vulnerability Django Improper Output Neutralization for Logs vulnerability An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.