CVE-2025-48432 (Medium) detected in Django-4.2.19-py3-none-any.whl

[mend-bolt-for-github]

CVE-2025-48432 - Medium Severity Vulnerability

Vulnerable Library - Django-4.2.19-py3-none-any.whl

A high-level Python web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/14/db/6fc8c55f3b482776ac245623cd713b00ba894ad8f32cf438a40d9f1ea29e/Django-4.2.19-py3-none-any.whl

Path to dependency file: /tmp/ws-scm/django-extra-field-validation

Path to vulnerable library: /tmp/ws-scm/django-extra-field-validation

Dependency Hierarchy:

• ❌ Django-4.2.19-py3-none-any.whl (Vulnerable Library)

Found in base branch: main

Vulnerability Details

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

Publish Date: 2025-06-05

URL: CVE-2025-48432

CVSS 3 Score Details (4.0)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2025/jun/04/security-releases/

Release Date: 2025-06-05

Fix Resolution: 4.2.22

---

Step up your Open Source Security Game with Mend here