CVE-2014-3730

Published: 16 May 2014

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
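Why the backslash form slips past a host-only check, as an added illustration (this is not Django's code and does not reproduce the project's exact fix): Python's urlparse sees no `//` after the scheme, so it reports an empty netloc and the URL looks relative, while browsers treat backslashes as slashes in http(s) URLs and navigate off-site. The hardened variant below normalises backslashes before parsing and rejects any URL that carries a scheme but no host; the sample inputs and the `example.com` host are constructed.

```python
from urllib.parse import urlparse

ALLOWED_SCHEMES = ("http", "https")


def naive_is_safe_url(url: str, host: str) -> bool:
    """Host-only redirect check: a URL with an empty netloc is assumed relative.

    Approximation of the weak pattern, not Django's exact pre-1.6.5 code.
    """
    if not url:
        return False
    info = urlparse(url)
    return (not info.netloc or info.netloc == host) and (
        not info.scheme or info.scheme in ALLOWED_SCHEMES
    )


def hardened_is_safe_url(url: str, host: str) -> bool:
    """Redirect check that accounts for browser URL parsing quirks."""
    if not url:
        return False
    url = url.strip()
    # Browsers read "\" as "/" in http(s) URLs, so parse what the browser will see.
    url = url.replace("\\", "/")
    # "///host" is scheme-relative for browsers but has an empty netloc here.
    if url.startswith("///"):
        return False
    info = urlparse(url)
    # A scheme with no host (e.g. "http:///host") is never a relative path.
    if info.scheme and not info.netloc:
        return False
    return (not info.netloc or info.netloc == host) and (
        not info.scheme or info.scheme in ALLOWED_SCHEMES
    )


# Constructed sample inputs: the CVE's demonstrator plus benign and off-site cases.
SAMPLES = [
    "/accounts/profile/",          # relative path: fine
    "http://example.com/next",     # same host: fine
    "http://evil.example/",        # other host: must be rejected
    "//evil.example/",             # scheme-relative: must be rejected
    "///evil.example/",            # browsers treat as scheme-relative
    r"http:\\\djangoproject.com",  # the CVE-2014-3730 form
]


def evaluate(check, host: str = "example.com") -> dict:
    """Run one checker over the samples; returns {url: accepted?}."""
    return {url: check(url, host) for url in SAMPLES}


if __name__ == "__main__":
    for name, fn in (("naive", naive_is_safe_url), ("hardened", hardened_is_safe_url)):
        print(name)
        for url, ok in evaluate(fn).items():
            print(f"  {'ACCEPT' if ok else 'reject':6} {url}")
```

The naive checker accepts the backslash form (empty netloc, `http` scheme), while the hardened one rejects it; both still accept the relative path and the same-host URL, which is the behaviour a redirect helper needs to keep.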

Priority

Medium

Status

Package: python-django (Launchpad, Ubuntu, Debian)
  Upstream: Released (1.6.5-1)
  Ubuntu 14.04 ESM (Trusty Tahr): Released (1.6.1-2ubuntu0.3)