Oval Definition:oval:org.opensuse.security:def:201712794
Revision Date:2022-06-30Version:1
Title:CVE-2017-12794
Description:

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-12794
SUSE-SU-2018:0973-1
SUSE-SU-2018:1102-1
openSUSE-SU-2018:0632-1
openSUSE-SU-2018:0824-1
openSUSE-SU-2018:0826-1
Mitre CVE-2017-12794
SUSE CVE-2017-12794
SUSE-SU-2018:0973-1
SUSE-SU-2018:1102-1
openSUSE-SU-2018:0632-1
openSUSE-SU-2018:0824-1
openSUSE-SU-2018:0826-1
Platform(s):openSUSE Leap 42.3
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE Package Hub for SUSE Linux Enterprise 12
Product(s):
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND python-Django-1.11.10-5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND python-Django-1.8.19-3.4.1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND python-Django-1.8.19-3.6 is installed
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • python-Django-1.8.19-6.4 is installed
  • AND python-Django is signed with openSUSE key
  • OR
  • python3-Django-1.8.19-5.3 is installed
  • AND python3-Django is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • python36-Django-3.2.7-2.3 is installed
  • OR python38-Django-3.2.7-2.3 is installed
  • OR python39-Django-3.2.7-2.3 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND python-Django-1.11.10-5.1 is installed
    • BACK