CVE-2017-12794
CVE-2017-12794
Vexday Risk Score
23Baixo
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
Maturidade do exploit
Exploit funcional
Exploit automatizável disponível (Nuclei/Metasploit).
CVSS —EPSS 23.6%KEV nãoPoC —Nuclei simMetasploit —Patch referenciado
Ciclo de vida
07 set 2017Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
Produtos afetados
n/a · n/a