QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-7233

Back to search

CVE-2017-7233

Published: Apr 4, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

VendorProductVersions

n/a

n/a

affected
n/a

References

1038177
vdb-entry
x_refsource_SECTRACK
RHSA-2017:1596
vendor-advisory
x_refsource_REDHAT
97406
vdb-entry
x_refsource_BID
RHSA-2017:3093
vendor-advisory
x_refsource_REDHAT
DSA-3835
vendor-advisory
x_refsource_DEBIAN
RHSA-2017:1445
vendor-advisory
x_refsource_REDHAT
RHSA-2017:1451
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2927
vendor-advisory
x_refsource_REDHAT
RHSA-2017:1470
vendor-advisory
x_refsource_REDHAT
RHSA-2017:1462
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now