CVE-2011-4139

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2011-4139
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2011-4139.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2011-4139
Aliases
Downstream
Withdrawn
2026-01-27T04:12:56.068637Z
Published
2011-10-19T10:55:04Z
Modified
2026-01-27T04:12:56.068637Z
Summary
[none]
Details

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.

References

Affected packages