CVE-2018-14574

Published: 1 August 2018

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

Notes

Author: mdeslaur

xenial and earlier don't look vulnerable as they will always convert relative redirects to an absolute URI. This was changed by the following commit in later releases:
https://github.com/django/django/commit/a0c2eb46dd5a782c11c44f13c8efad2778be1641

Priority

Medium

CVSS 3 base score: 6.1

Status

Package: python-django (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (1:1.11.11-1ubuntu1.1)
precise    Does not exist
trusty     Not vulnerable (1.6.11-0ubuntu1.2)
upstream   Released (1.11.15)
xenial     Not vulnerable (1.8.7-1ubuntu5.6)