CVE-2019-12781 log

Severity High
Remote Yes
Type Silent downgrade
An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
Group Package Affected Fixed Severity Status Ticket
AVG-1001 python2-django 1.11.21-1 1.11.22-1 High Fixed
AVG-1000 python-django 2.2.2-1 2.2.3-1 High Fixed
Date Advisory Group Package Severity Type
06 Jul 2019 ASA-201907-3 AVG-1001 python2-django High silent downgrade
06 Jul 2019 ASA-201907-2 AVG-1000 python-django High silent downgrade