Django Allows Open Redirects

🗓️ 14 May 2022 02:09:43Reported by GitHub Advisory DatabaseType

Django Open Redirect Vulnerability in is_safe_url function

Reporter	Title	Published	Views	Family All 45
IBM Security Bulletins	Security Bulletin: SmartCloud Provisioning - Django vulnerabilities reported in May 2014 X-Force Report	17 Jun 201822:30	–	ibm
CVE	CVE-2014-3730	16 May 201415:00	–	cve
Cvelist	CVE-2014-3730	16 May 201415:00	–	cvelist
Debian	[SECURITY] [DSA 2934-1] python-django security update	19 May 201420:39	–	debian
Debian	[SECURITY] [DSA 2934-1] python-django security update	19 May 201420:39	–	debian
Debian CVE	CVE-2014-3730	16 May 201415:00	–	debiancve
Tenable Nessus	Debian DSA-2934-1 : python-django - security update	20 May 201400:00	–	nessus
Tenable Nessus	Fedora 20 : python-django15-1.5.8-1.fc20 (2014-6440)	27 May 201400:00	–	nessus
Tenable Nessus	Fedora 20 : python-django14-1.4.13-1.fc20 (2014-6442)	27 May 201400:00	–	nessus
Tenable Nessus	Fedora 20 : python-django-1.6.5-1.fc20 (2014-6449)	27 May 201400:00	–	nessus

Vulners

Node

django_project djangoRange1.7a1–1.7b4pip

django_project djangoRange1.4–1.4.13pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-3730
lists	www.lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
ubuntu	www.ubuntu.com/usn/usn-2212-1
debian	www.debian.org/security/2014/dsa-2934
openwall	www.openwall.com/lists/oss-security/2014/05/14/10
openwall	www.openwall.com/lists/oss-security/2014/05/15/3
github	www.github.com/django/django/commit/601107524523bca02376a0ddc1a06c6fdb8f22f3
github	www.github.com/django/django/commit/7feb54bbae3f637ab3c4dd4831d4385964f574df
github	www.github.com/django/django/commit/ad32c218850ad40972dcef57beb460f8c979dd6d
web	www.web.archive.org/web/20200228171223/http://www.securityfocus.com/bid/67410

18 Sep 2024 19:43Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24.3

EPSS0.00988