GHSA-7xr5-9hcq-chf9 - MODERATE Vulnerability | GeekWala
Loading...
Skip to main content
GeekWala

GHSA-7xr5-9hcq-chf9

MODERATE

Django Improper Output Neutralization for Logs vulnerability

Published June 5, 2025Updated February 4, 2026Source: osv

Details

An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

Remediation

Upgrade to the fixed version using your package manager.

pip
Update django to 5.1.10 or later
pip install "django>=5.1.10"
pip
Update django to 5.2.2 or later
pip install "django>=5.2.2"
pip
Update django to 4.2.22 or later
pip install "django>=4.2.22"

After upgrading, run your dependency scanner again to confirm the vulnerability is resolved.

Affected Packages (3)

PackageEcosystemAffectedFixed In
django
PyPI
5.0, 5.0.1, 5.0.10, 5.0.11 (+27 more)5.1.10
django
PyPI
5.2, 5.2.15.2.2
django
PyPI
1.0.1, 1.0.2, 1.0.3, 1.0.4 (+354 more)4.2.22

Vulnerability Classification

Common Weakness Enumeration (CWE) identifiers for this vulnerability type.

CVSS Score Breakdown

What the CVSS (Common Vulnerability Scoring System) 3.1 score means for each attack dimension.

Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

References

Risk Assessment

CVSS Score
3.1

Exploitation is difficult or impact is minor. Address in your next planned update.

EPSS Score (30-day exploit probability)
0.15%
Higher than 35% of vulnerabilities

Also Known As

BIT-django-2025-48432
CVE-2025-48432
PYSEC-2025-47

Check if you're affected

Scan your dependencies to see if this vulnerability affects your projects.

Scan Your Dependencies