2 matches found
CVE-2017-7234
A maliciously crafted URL to a Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 site using the django.views.static.serve view could redirect to any other domain, aka an open redirect vulnerability...
django -- multiple vulnerabilities
Django team reports: These release addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. Open redirect and possible XSS attack via user-supplied numeric redirect URLs Open redirect vulnerability in django.views.static.serve...