- Vulnerability/
- USN-4043-1
USN-4043-1: Django vulnerabilities
First published: Mon Jul 01 2019(Updated: )
It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-12308) Gavin Wahl discovered that Django incorrectly handled HTTP detection when used behind a reverse-proxy. Client requests made via HTTP would cause incorrect API results and would not be redirected to HTTPS, contrary to expectations. (CVE-2019-12781)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python-django | <1:1.11.20-1ubuntu0.1 | 1:1.11.20-1ubuntu0.1 |
| Ubuntu Ubuntu | =19.04 | |
| All of | ||
| ubuntu/python3-django | <1:1.11.20-1ubuntu0.1 | 1:1.11.20-1ubuntu0.1 |
| Ubuntu Ubuntu | =19.04 | |
| All of | ||
| ubuntu/python-django | <1:1.11.15-1ubuntu1.3 | 1:1.11.15-1ubuntu1.3 |
| Ubuntu Ubuntu | =18.10 | |
| All of | ||
| ubuntu/python3-django | <1:1.11.15-1ubuntu1.3 | 1:1.11.15-1ubuntu1.3 |
| Ubuntu Ubuntu | =18.10 | |
| All of | ||
| ubuntu/python-django | <1:1.11.11-1ubuntu1.4 | 1:1.11.11-1ubuntu1.4 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/python3-django | <1:1.11.11-1ubuntu1.4 | 1:1.11.11-1ubuntu1.4 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/python-django | <1.8.7-1ubuntu5.9 | 1.8.7-1ubuntu5.9 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/python3-django | <1.8.7-1ubuntu5.9 | 1.8.7-1ubuntu5.9 |
| Ubuntu Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2019-12308
- https://ubuntu.com/security/CVE-2019-12781
- https://launchpad.net/ubuntu/+source/python-django/1:1.11.20-1ubuntu0.1
- https://launchpad.net/ubuntu/+source/python-django/1:1.11.15-1ubuntu1.3
- https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.4
- https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.9
- https://ubuntu.com/security/notices/USN-4043-1 (Advisory)
Frequently Asked Questions
What is the severity of USN-4043-1?
The severity of USN-4043-1 is high.
How can an attacker exploit CVE-2019-12308?
An attacker can exploit CVE-2019-12308 by exploiting certain inputs to execute arbitrary code.
Which versions of Ubuntu are affected by this vulnerability?
Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 are affected by this vulnerability.
How can I fix the Django vulnerabilities in Ubuntu 19.04?
To fix the Django vulnerabilities in Ubuntu 19.04, update the 'python-django' and 'python3-django' packages to version 1:1.11.20-1ubuntu0.1.
Where can I find more information about USN-4043-1?
You can find more information about USN-4043-1 on the Ubuntu security website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.04
- version/ubuntu ubuntu/18.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04