Vulnerabilities > Djangoproject > Django > 1.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-07-31 | CVE-2012-3443 | Improper Input Validation vulnerability in Djangoproject Django The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. | 5.0 |
2012-07-31 | CVE-2012-3442 | Cross-Site Scripting vulnerability in Djangoproject Django The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL. | 4.3 |