Vulnerability in Djangoproject Django
CVE-2014-0481
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting…
EPSS: 0.011 (78.6th percentile)
Affected products
- Djangoproject Django — versions 1.4, 1.4.1, 1.4.2
- Opensuse_project Opensuse — versions 12.3
- Debian Debian_linux — versions 7.0
- Opensuse — versions 13.1
References
- security@debian.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 61276 (x_refsource_SECUNIA, third-party-advisory)
- 61281 (x_refsource_SECUNIA, third-party-advisory)
- openSUSE-SU-2014:1132 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- DSA-3010 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- 59782 (x_refsource_SECUNIA, third-party-advisory)