CVE-2017-7233

🗓️ 04 Apr 2017 17:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 481 Views🌐 WEB

CVE-2017-7233: Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 open redirect vulnerabilit

Reporter	Title	Published	Views	Family All 141
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 1.8.18-alt1	12 Apr 201700:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package python3-module-django version 1.8.18-alt1	12 Apr 201700:00	–	altlinux
AlpineLinux	CVE-2017-7233	4 Apr 201717:00	–	alpinelinux
ArchLinux	[ASA-201704-1] python2-django: multiple issues	6 Apr 201700:00	–	archlinux
ArchLinux	[ASA-201704-2] python-django: multiple issues	6 Apr 201700:00	–	archlinux
CNVD	LastPass Isolated World Global Properties Remote Code Execution Vulnerability	24 May 201700:00	–	cnvd
CNVD	Django 'django.contrib.auth.views.login()' function open redirect vulnerability	24 May 201700:00	–	cnvd
Cvelist	CVE-2017-7233	4 Apr 201717:00	–	cvelist
FreeBSD	django -- multiple vulnerabilities	4 Apr 201700:00	–	freebsd
Debian	[SECURITY] [DLA 885-1] python-django security update	5 Apr 201709:07	–	debian

NVD

Node

djangoproject djangoMatch1.8.0

djangoproject djangoMatch1.8.0a1

djangoproject djangoMatch1.8.0b1

djangoproject djangoMatch1.8.0b2

djangoproject djangoMatch1.8.0c1

djangoproject djangoMatch1.8.1

djangoproject djangoMatch1.8.2

djangoproject djangoMatch1.8.3

djangoproject djangoMatch1.8.4

djangoproject djangoMatch1.8.5

djangoproject djangoMatch1.8.6

djangoproject djangoMatch1.8.7

djangoproject djangoMatch1.8.8

djangoproject djangoMatch1.8.9

djangoproject djangoMatch1.8.10

djangoproject djangoMatch1.8.11

djangoproject djangoMatch1.8.12

djangoproject djangoMatch1.8.13

djangoproject djangoMatch1.8.14

djangoproject djangoMatch1.8.15

djangoproject djangoMatch1.8.16

djangoproject djangoMatch1.8.17

djangoproject djangoMatch1.9

djangoproject djangoMatch1.9a1

djangoproject djangoMatch1.9b1

djangoproject djangoMatch1.9rc1

djangoproject djangoMatch1.9rc2

djangoproject djangoMatch1.9.1

djangoproject djangoMatch1.9.2

djangoproject djangoMatch1.9.3

djangoproject djangoMatch1.9.4

djangoproject djangoMatch1.9.5

djangoproject djangoMatch1.9.6

djangoproject djangoMatch1.9.7

djangoproject djangoMatch1.9.8

djangoproject djangoMatch1.9.9

djangoproject djangoMatch1.9.10

djangoproject djangoMatch1.9.11

djangoproject djangoMatch1.9.12

djangoproject djangoMatch1.10.0

djangoproject djangoMatch1.10.0a1

djangoproject djangoMatch1.10.0b1

djangoproject djangoMatch1.10.0rc1

djangoproject djangoMatch1.10.1

djangoproject djangoMatch1.10.2

djangoproject djangoMatch1.10.3

djangoproject djangoMatch1.10.4

djangoproject djangoMatch1.10.5

djangoproject djangoMatch1.10.6

Source	Link
access	www.access.redhat.com/errata/RHSA-2018:2927
access	www.access.redhat.com/errata/RHSA-2017:1470
debian	www.debian.org/security/2017/dsa-3835
access	www.access.redhat.com/errata/RHSA-2017:1445
access	www.access.redhat.com/errata/RHSA-2017:1462
securitytracker	www.securitytracker.com/id/1038177
access	www.access.redhat.com/errata/RHSA-2017:3093
access	www.access.redhat.com/errata/RHSA-2017:1596
access	www.access.redhat.com/errata/RHSA-2017:1451
djangoproject	www.djangoproject.com/weblog/2017/apr/04/security-releases/

Parameter	Position	Path	Description	CWE
url	query param	bypassIsUrlSafeCheck	Open redirect via flawed is_safe_url logic allowing unsafe numeric URL bypass to external site (e.g., google.com).	CWE-601

17 Jun 2026 01:23Current

6Medium risk

Vulners AI Score6

CVSS 25.8

CVSS 36.1

EPSS0.02384

CWE-601