CVE-2014-3730
Published 2014-05-16
Priority P4 · 20 · medium · 4.3 (CVSS 2.0)
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS 3.12% (86.2nd percentile)
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
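As an added illustration (it is not part of this advisory page and not Django's own code), the following Python shows why a redirect-target check that relies on urllib.parse alone accepts the malformed URL quoted above, and one way a defender can harden such a check: normalise backslashes to forward slashes the way browsers do before parsing, and reject forms that parse as relative but are followed as absolute. The function names, the `host` parameter and the sample targets are assumptions of this example.

```python
from urllib.parse import urlparse

ALLOWED_SCHEMES = ("http", "https")


def naive_is_safe_url(url: str, host: str) -> bool:
    """Constructed 'before' check: trusts urlparse() to find the host.

    urlparse("http:\\\\\\djangoproject.com") yields scheme='http' and an
    empty netloc (backslashes are not delimiters to the parser), so the URL
    looks same-site even though a browser will follow it off-site.
    """
    if not url:
        return False
    parts = urlparse(url)
    return (not parts.netloc or parts.netloc == host) and (
        not parts.scheme or parts.scheme in ALLOWED_SCHEMES
    )


def hardened_is_safe_url(url: str, host: str) -> bool:
    """Hardened redirect-target check (example code, not Django's).

    Parses what the browser will see, then rejects host-less absolute forms.
    """
    if not url:
        return False
    # Browsers treat a backslash as a forward slash; parse that form instead.
    url = url.replace("\\", "/")
    # Three leading slashes are read as an absolute URL by some browsers.
    if url.startswith("///"):
        return False
    parts = urlparse(url)
    # A scheme with no host (e.g. "http:///evil.example") is read as absolute too.
    if parts.scheme and not parts.netloc:
        return False
    return (not parts.netloc or parts.netloc == host) and (
        not parts.scheme or parts.scheme in ALLOWED_SCHEMES
    )


# Constructed sample redirect targets, as a login view might receive via ?next=
SAMPLE_TARGETS = [
    "/accounts/profile/",            # relative, same site
    "https://example.com/next",      # absolute, same host
    "https://evil.example/x",        # absolute, other host
    "//evil.example/x",              # protocol-relative, other host
    "http:\\\\\\djangoproject.com",  # the malformed form quoted in the advisory
    "\\\\evil.example/x",            # backslash protocol-relative form
]


def classify(host: str = "example.com") -> dict:
    """Return {target: (naive_result, hardened_result)} for the sample targets."""
    return {
        t: (naive_is_safe_url(t, host), hardened_is_safe_url(t, host))
        for t in SAMPLE_TARGETS
    }


if __name__ == "__main__":
    for target, (naive, hardened) in classify().items():
        print(f"{target!r:35} naive={naive!s:5} hardened={hardened}")
```

Running the block prints one line per sample; the two backslash forms are the ones where the naive check answers True and the hardened check answers False. The same normalisation belongs in any custom `?next=`-style handler, since a parser that does not treat `\` as a delimiter will never see the attacker-chosen host that the browser does.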
Affected
40 ranges · showing 25 (identical rows collapsed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | python-django | < python-django 1.6.5-1 (bookworm) | python-django 1.6.5-1 (bookworm) |
| djangoproject | django | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 4.3 MEDIUM
vendor_debian · 4.3 MEDIUM
vendor_redhat · 4.3 MEDIUM
Red Hat
CVE-2014-3730 [MEDIUM] CWE-20: Django: insufficient URL validation could lead to redirects
vendor_redhat · 2014-05-14 · CVSS 4.3
Package: Django (Red Hat OpenStack Platform 3) - Will not fix
Package: Django (Red Hat OpenStack Platform 4) - Will not fix
Package: Django (Red Hat Subscription Asset Manager) - Will not fix
Debian
CVE-2014-3730 [MEDIUM]: python-django - The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 befor...
vendor_debian · 2014 · CVSS 4.3
Scope: local
bookworm: resolved (fixed in 1.6.5-1)
bullseye: resolved (fixed in 1.6.5-1)
forky: resolved (fixed in 1.6.5-1)
sid: resolved (fixed in 1.6.5-1)
trixie: resolved (fixed in 1.6.5-1)
GHSA
CVE-2014-3730 [HIGH] CWE-20: Django Allows Open Redirects
ghsa · 2022-05-14
OSV
CVE-2014-3730 [HIGH]: Django Allows Open Redirects
osv · 2022-05-14
OSV
CVE-2014-3730 [MEDIUM]: The django
osv · 2014-05-16 · CVSS 4.3
No detection rules found.
No public exploits indexed.
References
http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html
http://secunia.com/advisories/61281
http://ubuntu.com/usn/usn-2212-1
http://www.debian.org/security/2014/dsa-2934
http://www.openwall.com/lists/oss-security/2014/05/14/10
http://www.openwall.com/lists/oss-security/2014/05/15/3
http://www.securityfocus.com/bid/67410
https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/