CVE-2012-4520
Description
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
3.893
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2012-4520 is fixed in Python-django 1.3.4 | Windows |
| CVE-2012-4520 is fixed in Python-django 1.4.2 | Windows |
| CVE-2012-4520 is fixed in Python-django for linux 1.3.4 | Linux |
| CVE-2012-4520 is fixed in Python-django for linux 1.4.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234