CVE-2026-53878
Gravedad CVSS v4.0:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
07/07/2026
Última modificación:
07/07/2026
Descripción
*** Pendiente de traducción *** An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.<br />
`DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because `HttpResponse` prohibits newlines in HTTP headers.<br />
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.<br />
Django would like to thank Bence Nagy for reporting this issue.
Impacto
Puntuación base 4.0
5.30
Gravedad 4.0
MEDIA
Puntuación base 3.x
6.10
Gravedad 3.x
MEDIA



