CVE-2012-4520

Published November 18th, 2012

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

django/django

The Web framework for perfectionists with deadlines.

GitHub

88K