Django@1.10.4 Security Vulnerabilities and Issues — Django@1.10.4 CVE List

Lucene search

DjangoprojectDjango1.10.4

3 matches found

CVE•added 2017/04/04 5:59 p.m.•449 views

CVE-2017-7233

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs "safe" when they shouldn't be, aka an open...

6.1CVSS6AI score0.00747EPSS

CVE•added 2017/09/07 1:29 p.m.•163 views

CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shoul...

6.1CVSS5.8AI score0.14723EPSS

CVE•added 2017/04/04 5:59 p.m.•132 views

CVE-2017-7234

A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the django.views.static.serve() view could redirect to any other domain, aka an open redirect vulnerability.

6.1CVSS6.1AI score0.00422EPSS