The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
[1.7.x] Stripped headers containing underscores to prevent spoofing in WSGI environ.
This is a security fix. Disclosure following shortly. Thanks to Jedediah Smith for the report.
by
Lawrence the Dove 2014-09-10 17:06:19 UTC
commit 41b4bc73ee0da7b2e09f4af47fc1fd21144c710f
Django
Fix
Incorrect Underscore Handling CVE-2015-0219
django/core/servers/basehttp.py
-11
docs/howto/auth-remote-user.txt
-16
docs/releases/1.4.18.txt
-24
docs/releases/1.6.10.txt
-24
docs/releases/1.7.3.txt
+1
-23
tests/servers/test_basehttp.py
-67
expand_less
The Vulnerability History Project