What is the severity of CVE-2014-0474?

CVE-2014-0474 has a medium severity level due to improper type conversion vulnerabilities.

How do I fix CVE-2014-0474?

To fix CVE-2014-0474, upgrade Django to version 1.4.11, 1.5.6, 1.6.3, or later.

What versions of Django are affected by CVE-2014-0474?

CVE-2014-0474 affects Django versions prior to 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7 beta 2.

Can remote attackers exploit CVE-2014-0474?

Yes, remote attackers could exploit CVE-2014-0474 due to insufficient type conversion.

What fields are affected by CVE-2014-0474 in Django?

The affected fields in Django for CVE-2014-0474 are FilePathField, GenericIPAddressField, and IPAddressField.

Vulnerability/
CVE-2014-0474

critical

CWE

89 399

23/4/2014

17/5/2022

18/9/2024

CVE-2014-0474: SQL Injection

First published: Wed Apr 23 2014(Updated: )

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."

Credit: security@debian.org

Affected Software	Affected Version	How to fix
pip/Django	>=1.6<1.6.3	1.6.3
pip/Django	>=1.5<1.5.6	1.5.6
pip/django	<1.4.11	1.4.11
Ubuntu Linux	=10.04
Ubuntu Linux	=12.04
Ubuntu Linux	=12.10
Ubuntu Linux	=13.10
Ubuntu Linux	=14.04
djangoproject Django	=1.6
djangoproject Django	=1.6.1
djangoproject Django	=1.6.2
djangoproject Django	<=1.4.10
djangoproject Django	=1.4
djangoproject Django	=1.4.1
djangoproject Django	=1.4.2
djangoproject Django	=1.4.3
djangoproject Django	=1.4.4
djangoproject Django	=1.4.5
djangoproject Django	=1.4.6
djangoproject Django	=1.4.7
djangoproject Django	=1.4.8
djangoproject Django	=1.4.9
djangoproject Django	=1.7-alpha1
djangoproject Django	=1.7-alpha2
djangoproject Django	=1.7-beta1
djangoproject Django	=1.5
djangoproject Django	=1.5.1
djangoproject Django	=1.5.2
djangoproject Django	=1.5.3
djangoproject Django	=1.5.4
djangoproject Django	=1.5.5
Ubuntu	=10.04
Ubuntu	=12.04
Ubuntu	=12.10
Ubuntu	=13.10
Ubuntu	=14.04

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0474?
CVE-2014-0474 has a medium severity level due to improper type conversion vulnerabilities.
How do I fix CVE-2014-0474?
To fix CVE-2014-0474, upgrade Django to version 1.4.11, 1.5.6, 1.6.3, or later.
What versions of Django are affected by CVE-2014-0474?
CVE-2014-0474 affects Django versions prior to 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7 beta 2.
Can remote attackers exploit CVE-2014-0474?
Yes, remote attackers could exploit CVE-2014-0474 due to insufficient type conversion.
What fields are affected by CVE-2014-0474 in Django?
The affected fields in Django for CVE-2014-0474 are FilePathField, GenericIPAddressField, and IPAddressField.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/description
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-wqjj-hx84-v449
alias/CVE-2014-0474
agent/software-canonical-lookup
agent/last-modified-date
agent/severity
agent/references
agent/event
collector/github-advisory
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/author
collector/nvd-cve
source/NVD
package-manager/pip
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/10.04
version/ubuntu linux/12.04
version/ubuntu linux/12.10
version/ubuntu linux/13.10
version/ubuntu linux/14.04
vendor/djangoproject
canonical/djangoproject django
version/djangoproject django/1.6
version/djangoproject django/1.6.1
version/djangoproject django/1.6.2
version/djangoproject django/1.4.10
version/djangoproject django/1.4
version/djangoproject django/1.4.1
version/djangoproject django/1.4.2
version/djangoproject django/1.4.3
version/djangoproject django/1.4.4
version/djangoproject django/1.4.5
version/djangoproject django/1.4.6
version/djangoproject django/1.4.7
version/djangoproject django/1.4.8
version/djangoproject django/1.4.9
version/djangoproject django/1.7-alpha1
version/djangoproject django/1.7-alpha2
version/djangoproject django/1.7-beta1
version/djangoproject django/1.5
version/djangoproject django/1.5.1
version/djangoproject django/1.5.2
version/djangoproject django/1.5.3
version/djangoproject django/1.5.4
version/djangoproject django/1.5.5
canonical/ubuntu
version/ubuntu/10.04
version/ubuntu/12.04
version/ubuntu/12.10
version/ubuntu/13.10
version/ubuntu/14.04