CVE-2017-7233

🗓️ 04 Apr 2017 17:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 476 Views🌐 WEB

CVE-2017-7233: Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 open redirect vulnerabilit

Reporter	Title	Published	Views	Family All 141
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 1.8.18-alt1	12 Apr 201700:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package python3-module-django version 1.8.18-alt1	12 Apr 201700:00	–	altlinux
AlpineLinux	CVE-2017-7233	4 Apr 201717:00	–	alpinelinux
ArchLinux	[ASA-201704-1] python2-django: multiple issues	6 Apr 201700:00	–	archlinux
ArchLinux	[ASA-201704-2] python-django: multiple issues	6 Apr 201700:00	–	archlinux
CNVD	LastPass Isolated World Global Properties Remote Code Execution Vulnerability	24 May 201700:00	–	cnvd
CNVD	Django 'django.contrib.auth.views.login()' function open redirect vulnerability	24 May 201700:00	–	cnvd
Cvelist	CVE-2017-7233	4 Apr 201717:00	–	cvelist
FreeBSD	django -- multiple vulnerabilities	4 Apr 201700:00	–	freebsd
Debian	[SECURITY] [DLA 885-1] python-django security update	5 Apr 201709:07	–	debian

NVD

Node

djangoproject djangoMatch1.8.0

djangoproject djangoMatch1.8.0a1

djangoproject djangoMatch1.8.0b1

djangoproject djangoMatch1.8.0b2

djangoproject djangoMatch1.8.0c1

djangoproject djangoMatch1.8.1

djangoproject djangoMatch1.8.2

djangoproject djangoMatch1.8.3

djangoproject djangoMatch1.8.4

djangoproject djangoMatch1.8.5

djangoproject djangoMatch1.8.6

djangoproject djangoMatch1.8.7

djangoproject djangoMatch1.8.8

djangoproject djangoMatch1.8.9

djangoproject djangoMatch1.8.10

djangoproject djangoMatch1.8.11

djangoproject djangoMatch1.8.12

djangoproject djangoMatch1.8.13

djangoproject djangoMatch1.8.14

djangoproject djangoMatch1.8.15

djangoproject djangoMatch1.8.16

djangoproject djangoMatch1.8.17

djangoproject djangoMatch1.9

djangoproject djangoMatch1.9a1

djangoproject djangoMatch1.9b1

djangoproject djangoMatch1.9rc1

djangoproject djangoMatch1.9rc2

djangoproject djangoMatch1.9.1

djangoproject djangoMatch1.9.2

djangoproject djangoMatch1.9.3

djangoproject djangoMatch1.9.4

djangoproject djangoMatch1.9.5

djangoproject djangoMatch1.9.6

djangoproject djangoMatch1.9.7

djangoproject djangoMatch1.9.8

djangoproject djangoMatch1.9.9

djangoproject djangoMatch1.9.10

djangoproject djangoMatch1.9.11

djangoproject djangoMatch1.9.12

djangoproject djangoMatch1.10.0

djangoproject djangoMatch1.10.0a1

djangoproject djangoMatch1.10.0b1

djangoproject djangoMatch1.10.0rc1

djangoproject djangoMatch1.10.1

djangoproject djangoMatch1.10.2

djangoproject djangoMatch1.10.3

djangoproject djangoMatch1.10.4

djangoproject djangoMatch1.10.5

djangoproject djangoMatch1.10.6

Source	Link
access	www.access.redhat.com/errata/RHSA-2018:2927
access	www.access.redhat.com/errata/RHSA-2017:1470
debian	www.debian.org/security/2017/dsa-3835
access	www.access.redhat.com/errata/RHSA-2017:1445
access	www.access.redhat.com/errata/RHSA-2017:1462
securitytracker	www.securitytracker.com/id/1038177
access	www.access.redhat.com/errata/RHSA-2017:3093
access	www.access.redhat.com/errata/RHSA-2017:1596
access	www.access.redhat.com/errata/RHSA-2017:1451
djangoproject	www.djangoproject.com/weblog/2017/apr/04/security-releases/

Parameter	Position	Path	Description	CWE
url	query param	bypassIsUrlSafeCheck	Bypass is_safe_url by passing an unsafe URL (using non-http URL forms or IP-decimal representations) to trigger a redirect to an external site.	CWE-601
next	query param	admin/login/	Admin login redirect uses is_safe_url on the next parameter; unsafe values can cause open redirect/XSS if not properly validated.	CWE-601

13 May 2026 00:24Current

6Medium risk

Vulners AI Score6

CVSS 25.8

CVSS 36.1

EPSS0.00747

CWE-601