Eric Saupe
Eric Saupe's Blog


Django Security Advisory: ImageField Abuse


Published on Dec 20, 2013


A couple of weeks ago it came out that there is a flaw in Django's ImageField which could potentially allow phishing programs to be uploaded and then used to grab cookies or do other malicious things. While there will be no fix in Django itself, you still need to take precautions in how you serve and receive files uploaded by your users. Django has a page dedicated to fixing this exact issue: head over to their security guide and read up on the fixes. They shouldn't be too hard and shouldn't affect the user experience at all. I just wanted to post this and let everyone know about the vulnerability.
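As an added illustration of the two precautions the post mentions (checking what you receive and controlling how you serve it), here is a small stdlib-only Python example; it is not code from Django's security guide, and the image allowlist, the HTML-marker heuristic and the header set are my own assumptions.

```python
import re

# Constructed allowlist: the image types this site accepts, keyed by the
# leading bytes a real file of that type must start with.
IMAGE_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

# Heuristic: markup that a browser may decide to render as a document when
# it sniffs the file instead of trusting its declared type.
_HTML_MARKERS = re.compile(rb"<\s*(script|html|body|iframe|meta|!doctype)", re.I)


def looks_like_image(data: bytes, declared_type: str) -> bool:
    """True only if the declared type is allowed and the bytes match it."""
    sigs = IMAGE_SIGNATURES.get(declared_type)
    return sigs is not None and data.startswith(sigs)


def contains_html(data: bytes, window: int = 4096) -> bool:
    """Scan the leading window for HTML-like markup (a valid image header
    followed by markup is exactly the polyglot case to reject)."""
    return _HTML_MARKERS.search(data[:window]) is not None


def accept_upload(data: bytes, declared_type: str) -> tuple:
    """Receive-side check: returns (accepted, reason)."""
    if not looks_like_image(data, declared_type):
        return False, "content does not match declared image type"
    if contains_html(data):
        return False, "image contains HTML markup"
    return True, "ok"


def download_headers(filename: str, content_type: str) -> dict:
    """Serve-side headers: never let the browser render the upload inline
    as a document or second-guess its type. Serving uploads from a separate
    domain (so they share no cookies with the site) is the other half."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }
```

The byte check is a heuristic and is not a substitute for the response headers; both belong in place.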