CVE-2025-48432 in Djangoالمعلومات

الملخص

بحسب MITRE • 05/06/2025

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

21/05/2025

إفشاء

05/06/2025

الاعتدال

تمت الموافقة

إدخال

VDB-311196

CPE

جاهز

CWE

CWE-117 (مؤكد)

CVSS

5.3 (NVD)

EPSS

0.00411

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider, Agriculture, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-48432
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-48432
CVE Details	https://www.cvedetails.com/cve/CVE-2025-48432/

التالي ▸نظرة عامة ◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!