Django open redirect

🗓️ 04 Jan 2019 17:50:17Reported by GitHub Advisory DatabaseType

A malicious URL can redirect to any domain in Django 1.8 to 1.10.

Reporter	Title	Published	Views	Family All 108
ALT Linux	Security fix for the ALT Linux 10 package python3-module-django version 1.8.18-alt1	12 Apr 201700:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package python3-module-django version 1.8.18-alt1	12 Apr 201700:00	–	altlinux
AlpineLinux	CVE-2017-7234	4 Apr 201717:00	–	alpinelinux
ArchLinux	[ASA-201704-1] python2-django: multiple issues	6 Apr 201700:00	–	archlinux
ArchLinux	[ASA-201704-2] python-django: multiple issues	6 Apr 201700:00	–	archlinux
CNVD	Django 'django.views.static.serve()' function redirection vulnerability	5 Apr 201700:00	–	cnvd
CVE	CVE-2017-7234	4 Apr 201717:00	–	cve
Cvelist	CVE-2017-7234	4 Apr 201717:00	–	cvelist
FreeBSD	django -- multiple vulnerabilities	4 Apr 201700:00	–	freebsd
Debian	[SECURITY] [DLA 885-1] python-django security update	5 Apr 201709:07	–	debian

Vulners

Node

django_project djangoRange1.8–1.8.18pip

django_project djangoRange1.9–1.9.13pip

django_project djangoRange1.10–1.10.7pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-7234
github	www.github.com/advisories/GHSA-h4hv-m4h4-mhwg
debian	www.debian.org/security/2017/dsa-3835
web	www.web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177
web	www.web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401
github	www.github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037
github	www.github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29
github	www.github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4
djangoproject	www.djangoproject.com/weblog/2017/apr/04/security-releases
github	www.github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml

18 Sep 2024 14:44Current

6.4Medium risk

Vulners AI Score6.4

CVSS 25.8

CVSS 36.1

EPSS0.00258