Django vulnerabilities

2017-04-04T00:00:00
ID USN-3254-1
Type ubuntu
Reporter Ubuntu
Modified 2017-04-04T00:00:00

Description

It was discovered that Django incorrectly handled numeric redirect URLs. A
remote attacker could possibly use this issue to perform XSS attacks, and
to use a Django server as an open redirect. (CVE-2017-7233)

Phithon Gong discovered that Django incorrectly handled certain URLs when
the django.views.static.serve() view is being used. A remote attacker could
possibly use a Django server as an open redirect. (CVE-2017-7234)