Django Log Injection Vulnerability via Unescaped Request Path

Vulnerability

A log injection vulnerability has been identified in Django versions 5.2 prior to 5.2.2, 5.1 prior to 5.1.10, and 4.2 prior to 4.2.22. The issue arises because Django's internal HTTP response logging does not escape the request path before writing it to the log, so a remote attacker can use a crafted URL to control part of the log output. This could lead to log injection or forgery, particularly when logs are viewed in a terminal or processed by external systems such as log shippers and SIEMs.

Impact

Exploitation of this vulnerability could result in log injection or forgery, allowing attackers to manipulate how log entries appear or are structured, with potential consequences for any systems that process these logs or for users viewing them in a terminal.

Remediation

Users can upgrade to Django versions 5.2.2, 5.1.10, or 4.2.22 to address this vulnerability.
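As an added illustration that is not Django's own code or its fix, the constructed helper below reproduces the pattern: a "Not Found" log record built from the raw request path splits into two records when the path carries a control character, while escaping control characters first keeps it on one line. The function names, the logger setup and the sample path are assumptions.

```python
"""Log injection via an unescaped request path: vulnerable vs. hardened logging.

Constructed example; not Django's implementation of the fix."""
import logging
import re
from io import StringIO

# C0 control characters (including \r, \n and ESC) and DEL. These are the
# characters that let a crafted path start a new log record or emit a
# terminal escape sequence when the log is viewed in a terminal.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def escape_path(path: str) -> str:
    """Replace every control character with its \\xNN escape so the logged
    path always stays on one line and carries no raw escape sequences."""
    return _CONTROL_CHARS.sub(lambda m: f"\\x{ord(m.group()):02x}", path)


def has_control_chars(text: str) -> bool:
    """Detection check for a log pipeline: flag records containing raw
    control characters, which a well-formed log line should never have."""
    return _CONTROL_CHARS.search(text) is not None


def _make_logger(name: str):
    """Hypothetical helper: a logger that writes into an in-memory buffer."""
    buf = StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.setLevel(logging.WARNING)
    return logger, buf


def log_not_found(path: str, escape: bool) -> str:
    """Emulates a 'Not Found: <path>' response log. escape=False interpolates
    the raw path (the vulnerable pattern); escape=True escapes it first (the
    hardened pattern). Returns the captured log text."""
    logger, buf = _make_logger(f"demo.{'safe' if escape else 'raw'}")
    logger.warning("Not Found: %s", escape_path(path) if escape else path)
    return buf.getvalue()


def count_records(log_text: str) -> int:
    """One line per record is what a human reader or line-based shipper sees."""
    return len(log_text.splitlines())


# Constructed sample path with an embedded newline (in the real issue this
# would arrive in the request URL).
SAMPLE_PATH = "/missing\nforged second line"
```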

Added: Jun 5, 2025, 11:34 PM
Updated: Jun 6, 2025, 12:08 AM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.