NVD

Id
29368  
Name
CVE-2014-0474  
Description
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2014-04-23  
Modified Date
2017-01-06  
Seq
2014-0474  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
155849 29368 CVE-2014-0474 openSUSE-SU-2014:1132  View
155850 29368 CVE-2014-0474 RHSA-2014:0456  View
155851 29368 CVE-2014-0474 RHSA-2014:0457  View
155852 29368 CVE-2014-0474 61281  View
155853 29368 CVE-2014-0474 DSA-2934  View
155854 29368 CVE-2014-0474 USN-2169-1  View
155855 29368 CVE-2014-0474 https://www.djangoproject.com/weblog/2014/apr/21/security/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13357 JVNDB-2014-002232 Django の FilePathField などのモデルフィールドクラスにおける脆弱性 Django の (1) FilePathField、(2) GenericIPAddressField、および (3) IPAddressField モデルフィールドクラスは、型変換を適切に実行しないため、不特定の影響を受ける脆弱性が存在します。 CVE-2014-0474 67875 CVE-2014-0474 29368 10 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002232.html 2014-04-21 2014-08-11 View