Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SNYK: MEDIUM] Web Cache Poisoning (Due: 4/25/2021) #4426

Closed
patphongs opened this issue Feb 24, 2021 · 0 comments · Fixed by #4518
Closed

[SNYK: MEDIUM] Web Cache Poisoning (Due: 4/25/2021) #4426

patphongs opened this issue Feb 24, 2021 · 0 comments · Fixed by #4518
Assignees
@patphongs
Labels
Security: moderate Remediate within 60 days
Milestone
Sprint 14.4

Comments

@patphongs
Copy link
Member

django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Web Cache Poisoning. Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default.

Remediation
Upgrade django to version 2.2.19, 3.0.13, 3.1.7 or higher.
@patphongs patphongs added the Security: moderate Remediate within 60 days label Feb 24, 2021
@patphongs patphongs added this to the Sprint 14.3 milestone Feb 24, 2021
@patphongs patphongs mentioned this issue Feb 24, 2021
Closed
@hcaofec hcaofec mentioned this issue Mar 3, 2021
Closed
1 task
@patphongs patphongs mentioned this issue Mar 10, 2021
Closed
@lbeaufort lbeaufort mentioned this issue Mar 17, 2021
Closed
1 task
@pkfec pkfec mentioned this issue Mar 24, 2021
Closed
@patphongs patphongs mentioned this issue Mar 25, 2021
Closed
@johnnyporkchops johnnyporkchops mentioned this issue Mar 30, 2021
Closed
1 task
@patphongs patphongs mentioned this issue Apr 1, 2021
Merged
@rfultz rfultz modified the milestones: Sprint 14.3, Sprint 14.4 Apr 6, 2021
@pkfec pkfec mentioned this issue Apr 7, 2021
Closed
@rfultz rfultz mentioned this issue Apr 14, 2021
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@patphongs patphongs

Labels
Security: moderate Remediate within 60 days
Projects
None yet
Milestone
Sprint 14.4
2 participants
@patphongs @rfultz