Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Django URL请求信息泄露漏洞
Vulnerability Description
Django是Django软件基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django内嵌了一个轻量级的基于WSGI的Web Server用于学习Django以及在开发的早期阶段测试新应用。出于便利性考虑,这个Web Server自动映射某些Django管理应用所使用的静态媒体文件相关的URL。映射这些URL的处理器没有正确地检查用户所请求的URL以确认其与Django所使用的静态媒体文件相关,因此特制的URL可能导致开发服务器提供任意可以读访
CVSS Information
N/A
Vulnerability Type
N/A