Red Hat Security Advisory 2013-1521-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was discovered that the django.utils.http.is_safe_url() function considered any URL that used a scheme other than HTTP or HTTPS as safe. An attacker could potentially use this flaw to perform cross-site scripting attacks. A directory traversal flaw was found in Django's "ssi" template tag, which takes a file path as input and outputs that file's contents. An attacker able to alter templates that made use of the "ssi" tag on a site could use this flaw to access any local files accessible to Django.
7944b271df0a414473dfe8d8e114b4c4bbe4b1fc6747d98e0d3bd3fc081b215b
Ubuntu Security Notice 1967-1 - It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. It was discovered that the Django is_safe_url utility function did not restrict redirects to certain schemes. An attacker could possibly use this issue to perform a cross-site scripting attack. Various other issues were also addressed.
b392b918c4a2132a058b80068ecb5d6b09912f2551f9368b0623a0e6b05f9241
Mandriva Linux Security Advisory 2013-234 - Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is vulnerable to a directory traversal attack: a file path that begins with the absolute path of a directory listed in 'ALLOWED_INCLUDE_ROOTS' passes the prefix check, but relative path components appended to it can escape that directory. To exploit this vulnerability an attacker must be in a position to alter templates on the site, or the targeted site must have one or more templates making use of the 'ssi' tag and must allow some form of unsanitized user input to be used as an argument to the 'ssi' tag. The updated packages have been patched to correct this issue.
d3f769be8b513a5267862bd72b2ed194d642228aa7ec807789ae85a17661ab3b
Debian Linux Security Advisory 2755-1 - Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework.
1b081252a94e06a8ee2a5f8fe08eadbd3d6bba1d0ead877c626d97f15c41b2a8