CVE-2014-0483 (Low) detected in Django-3.2.14-py3-none-any.whl

[mend-bolt-for-github]

CVE-2014-0483 - Low Severity Vulnerability

Vulnerable Library - Django-3.2.14-py3-none-any.whl

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/c0/a8/4afc7742ad1e506909ce8c5056761f22c8a2db0a8b4a46cfa290b1cd6685/Django-3.2.14-py3-none-any.whl

Dependency Hierarchy:

• ❌ Django-3.2.14-py3-none-any.whl (Vulnerable Library)

Found in base branch: main

Vulnerability Details

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.

Publish Date: 2014-08-26

URL: CVE-2014-0483

CVSS 3 Score Details (3.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0483

Release Date: 2014-08-26

Fix Resolution: 1.4.14,1.5.9,1.6.6,1.7

---

Step up your Open Source Security Game with Mend here