USN-2469-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2015-0219 CVE-2015-0220 CVE-2015-0221 CVE-2015-0222 UBUNTU-CVE-2015-0219 UBUNTU-CVE-2015-0220

Published: 13 Jan 2015, 19:40

Last modified:04 Feb 2026, 03:44

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Jan 2015, 19:40

Published

Vulnerability first disclosed

04 Feb 2026, 03:44

Last Modified

Vulnerability information updated

Description

python-django vulnerabilities Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. (CVE-2015-0219) Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. (CVE-2015-0220) Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service. (CVE-2015-0221) Keryn Knight discovered that Django incorrectly handled forms with ModelMultipleChoiceField. A remote attacker could possibly use this issue to cause a large number of SQL queries, resulting in a database denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-0222)

Affected Systems

ubuntu•python-django
< 1.6.1-2ubuntu0.6

USN-2469-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)