CVE-2014-0474
The MITRE CVE dictionary describes this issue as:
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."
Find out more about CVE-2014-0474 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 4.0 (Django14) | RHSA-2014:0456 | 2014-04-30 |
| Red Hat Enterprise Linux OpenStack Platform 3.0 (Django14) | RHSA-2014:0457 | 2014-04-30 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | Django | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 4.0 | Django | Will not fix |
| Red Hat Enterprise Linux OpenStack Platform 3.0 | Django | Will not fix |
Acknowledgements
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges the Ruby on Rails team, and specifically Michael Koziarski, as the original reporters.CVE description copyright © 2017, The MITRE Corporation