CVE-2025-48432

Medium CVSS: 4.0

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

Vendor

Djangoproject

Product

Django

CWE

CWE-117

Yayın Tarihi

2025-06-05 03:15:25

Güncelleme

2025-10-15 17:47:56

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-117 Django MEDIUM Djangoproject 2025

Referanslar

https://docs.djangoproject.com/en/dev/releases/security/ https://groups.google.com/g/django-announce https://www.djangoproject.com/weblog/2025/jun/04/security-releases/ https://www.djangoproject.com/weblog/2025/jun/10/bugfix-releases/ http://www.openwall.com/lists/oss-security/2025/06/04/5 http://www.openwall.com/lists/oss-security/2025/06/10/2 http://www.openwall.com/lists/oss-security/2025/06/10/3 http://www.openwall.com/lists/oss-security/2025/06/10/4

Benzer Kayıtlar

High

CVE-2026-25673

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django…

Low

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system sto…

Medium

CVE-2026-1207

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField``…

High

CVE-2026-1285

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.char…

Medium

CVE-2026-1287

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to…

Medium

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject…