Ubuntu Security Notice USN-5549-1

Ubuntu Security Notice 5549-1 - It was discovered that Django incorrectly handled certain FileResponse objects. An attacker could possibly use this issue to expose sensitive information or gain access to the user's machine.

Packet Storm
Tags: vulnerability, web, mac, ubuntu
=========================================================================
Ubuntu Security Notice USN-5549-1
August 04, 2022

python-django vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Django could be made to expose sensitive information if it received
a specially crafted input.

Software Description:
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain FileResponse
objects. An attacker could possibly use this issue to expose sensitive
information or gain access to the user's machine.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  python3-django                  2:3.2.12-2ubuntu1.2

Ubuntu 20.04 LTS:
  python3-django                  2:2.2.12-1ubuntu0.13

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5549-1
  CVE-2022-36359

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.2
  https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.13
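The notice and the related advisory entries describe CVE-2022-36359 as a reflected file download (RFD) issue: a FileResponse's Content-Disposition filename was derived from user-supplied input. The snippet below is an added example, not Django's code or the upstream fix. It shows a conservative allowlist sanitizer that an application can apply to any attacker-influenced filename before placing it in a Content-Disposition header, so that quotes, semicolons, control characters and path components never reach the header. The function names `sanitize_download_filename` and `content_disposition` and the sample inputs are constructed for this illustration.

```python
import re
import unicodedata

# Allowlist for a quoted filename: letters, digits, dot, underscore, hyphen.
# Anything else is replaced, so the header value can never contain quotes,
# semicolons, whitespace, control characters or path separators.
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_download_filename(user_supplied: str, fallback: str = "download") -> str:
    """Reduce an attacker-influenced filename to a conservative allowlist.

    Steps: keep only the last path component (defeats "../" traversal),
    normalize Unicode so look-alike forms collapse, drop non-printable
    characters (CR/LF would otherwise permit header injection), replace
    everything outside the allowlist, and refuse empty or dot-only names.
    """
    name = user_supplied.replace("\\", "/").rsplit("/", 1)[-1]
    name = unicodedata.normalize("NFKC", name)
    name = "".join(ch for ch in name if ch.isprintable())
    name = _UNSAFE_CHARS.sub("_", name)
    # No leading/trailing dots or underscores: avoids hidden files and "..".
    name = name.strip("._")
    return name or fallback


def content_disposition(filename: str, inline: bool = False) -> str:
    """Build a Content-Disposition value from a user-influenced filename.

    The filename is sanitized here rather than trusted from the caller, so a
    response built with this helper cannot carry a crafted disposition.
    """
    disposition = "inline" if inline else "attachment"
    return f'{disposition}; filename="{sanitize_download_filename(filename)}"'


if __name__ == "__main__":
    # Constructed sample inputs: one benign name and several malformed ones.
    samples = [
        "report.pdf",
        'evil";setup.bat',          # quote/semicolon injection into the header
        "../../etc/passwd",         # path traversal components
        "a\r\nX-Injected: 1.txt",   # CRLF header injection attempt
        "",                         # empty name must fall back to a default
    ]
    for sample in samples:
        print(repr(sample), "->", content_disposition(sample))
```

The helper deliberately rewrites rather than rejects: download endpoints usually want to serve the file regardless, and a mangled but harmless name is preferable to a 400 for every non-ASCII title. If an application needs to preserve Unicode names it should add an RFC 5987 `filename*` parameter built from the same sanitized value, never from the raw input.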

Related news

CVE-2022-45442: CVE-2022-36359 - GitHub Advisory Database

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue.

GHSA-8x94-hmjh-97hq: Django 3.2 before 3.2.15 and 4.0 before 4.0.7 vulnerable to Reflected File Download attack

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

CVE-2022-36359: Archive of security issues | Django documentation

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.
