CVE-2015-8213

LOW2.8EPSS 3.0%

Django settings leak in date template filter

發布日:2022/5/17修改日:2024/9/18
也稱為:GHSA-6wcr-wcqm-3mfhDEBIAN-CVE-2015-8213PYSEC-2015-11

描述

The get_format function in `utils/formats.py` in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by `SECRET_KEY`.

受影響套件(5)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 4.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
osvCVSS 3.1LOW2.8CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

參考連結(22)