Homepage
About Snyk

Information Exposure Affecting django package, versions [,1.2.7) [1.3,1.3.1)

0.0
low

Snyk CVSS

    Attack Complexity Low
    User Interaction Required

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-DJANGO-40085
  • published 11 Sep 2011
  • disclosed 11 Sep 2011
  • credit Julien Phalip
Report a new vulnerability Found a mistake?

Introduced: 11 Sep 2011

CVE NOT AVAILABLE CWE-352 Open this link in a new tab

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Information Exposure. When the DEBUG is set to True, Exceptions generate a formatted error page, including the full traceback and a display of the HTTP request and relevant settings. Sensitive settings are obscured in this display, but the data submitted with the HTTP request is not. An error in a login view could result in a DEBUG page displaying the plain-text password (from the POST data).