CVE-2017-7234
Published: 04 April 2017
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
Priority
CVSS 3 base score: 6.1
Status
Package | Release | Status |
---|---|---|
python-django Launchpad, Ubuntu, Debian |
Upstream |
Released
(1.8.18)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1.8.7-1ubuntu5.5)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(1.6.11-0ubuntu1.1)
|
|
Ubuntu 12.04 ESM (Precise Pangolin) |
Released
(1.3.1-4ubuntu1.23)
|