CVE-2014-0480 — Improper Input Validation in Django
Severity
5.8MEDIUMNVD
EPSS
0.6%
top 31.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 26
Latest updateMay 14
Description
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
CVSS vector
AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
5📋Vendor Advisories
3💬Community
7Bugzilla
▶
Bugzilla▶
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django: various flaws [fedora-all]↗2014-08-22
Bugzilla▶
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [epel-6]↗2014-08-22
Bugzilla▶
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [fedora-20]↗2014-08-22
Bugzilla▶
CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 python-django15: various flaws [epel-7]↗2014-08-22