CVE-2019-12781 log
Source |
|
Severity | High |
Remote | Yes |
Type | Silent downgrade |
Description | An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1001 | python2-django | 1.11.21-1 | 1.11.22-1 | High | Fixed | |
AVG-1000 | python-django | 2.2.2-1 | 2.2.3-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
06 Jul 2019 | ASA-201907-3 | AVG-1001 | python2-django | High | silent downgrade |
06 Jul 2019 | ASA-201907-2 | AVG-1000 | python-django | High | silent downgrade |