GHSA-9X43-5QCQ-H79Q Django Grappelli Open Redirect vulnerability

views/switch.py in django-grappelli aka Django Grappelli before 2.15.2 attempts to prevent external redirection with startswith"/" but this does not consider a protocol-relative URL e.g., //example.com attack...

PT-2023-12618 · Unknown · Django-Grappelli

Name of the Vulnerable Software and Affected Versions: django-grappelli versions prior to 2.15.2 Description: The issue arises from the views/switch.py file in django-grappelli, which attempts to prevent external redirection by checking if a URL starts with /. However, this approach does not...