CVE-2015-0220
Published: 2015-01-16
CVE-2015-0220: The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces…
Priority: P4 | 20 | medium | 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
3.03%
85.8th percentile
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | python-django | < python-django 1.7.1-1.1 (bookworm) | python-django 1.7.1-1.1 (bookworm) |
| djangoproject | django | <= 1.4.17 | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | — | — |
| djangoproject | django | >= 0 < 1.4.18 | 1.4.18 |
| djangoproject | django | >= 1.6 < 1.6.10 | 1.6.10 |
| djangoproject | django | >= 1.7 < 1.7.3 | 1.7.3 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
Ubuntu
Django regression
vendor_ubuntu·2015-02-04·CVSS 5.0
CVE-2015-0221 [MEDIUM] Django regression
Title: Django regression
Summary: USN-2469-1 caused a regression in Django.
USN-2469-1 fixed vulnerabilities in Django. The security fix for
CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04
LTS when serving static content through GZipMiddleware. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Jedediah Smith discovered that Django incorrectly handled underscores in
WSGI headers. A remote attacker could possibly use this issue to spoof
headers in certain environments. (CVE-2015-0219)
Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2015-0220)
Alex Gaynor discovered that Django incorre
Red Hat
Django: Mitigated possible XSS attack via user-supplied redirect URLs
vendor_redhat·2015-01-13·CVSS 4.3
CVE-2015-0220 [MEDIUM] CWE-79 Django: Mitigated possible XSS attack via user-supplied redirect URLs
Django: Mitigated possible XSS attack via user-supplied redirect URLs
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
Package: python-django (Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)) - Not affected
Package: python-django (Red Hat Enterprise Linux OpenStack Platform 6 (Juno)) - Not affected
Package: Django14 (Red Hat OpenStack Platform 4) - Not affected
Package: Django (Red Hat Subscription Asset Manager) - Not affected
Ubuntu
Django vulnerabilities
vendor_ubuntu·2015-01-13·CVSS 5.0
CVE-2015-0219 [MEDIUM] Django vulnerabilities
Title: Django vulnerabilities
Summary: Several security issues were fixed in Django.
Jedediah Smith discovered that Django incorrectly handled underscores in
WSGI headers. A remote attacker could possibly use this issue to spoof
headers in certain environments. (CVE-2015-0219)
Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2015-0220)
Alex Gaynor discovered that Django incorrectly handled reading files in
django.views.static.serve(). A remote attacker could possibly use this
issue to cause Django to consume resources, resulting in a denial of
service. (CVE-2015-0221)
Keryn Knight discovered that Django incorrectly handled forms with
ModelMultipleChoiceFi
Debian
CVE-2015-0220: python-django - The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before ...
vendor_debian·2015·CVSS 4.3
CVE-2015-0220 [MEDIUM] CVE-2015-0220: python-django - The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before ...
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
Scope: local
bookworm: resolved (fixed in 1.7.1-1.1)
bullseye: resolved (fixed in 1.7.1-1.1)
forky: resolved (fixed in 1.7.1-1.1)
sid: resolved (fixed in 1.7.1-1.1)
trixie: resolved (fixed in 1.7.1-1.1)
OSV
Django Cross-site Scripting Vulnerability
osv·2022-05-17
CVE-2015-0220 [MEDIUM] Django Cross-site Scripting Vulnerability
Django Cross-site Scripting Vulnerability
The `django.util.http.is_safe_url` function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a `\njavascript:` URL.
GHSA
Django Cross-site Scripting Vulnerability
ghsa·2022-05-17
CVE-2015-0220 [MEDIUM] CWE-79 Django Cross-site Scripting Vulnerability
Django Cross-site Scripting Vulnerability
The `django.util.http.is_safe_url` function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a `\njavascript:` URL.
OSV
CVE-2015-0220: The django
osv·2015-01-16·CVSS 4.3
CVE-2015-0220 [MEDIUM] CVE-2015-0220: The django
The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
OSV
python-django vulnerabilities
osv·2015-01-13·CVSS 5.0
CVE-2015-0219 [MEDIUM] python-django vulnerabilities
python-django vulnerabilities
Jedediah Smith discovered that Django incorrectly handled underscores in
WSGI headers. A remote attacker could possibly use this issue to spoof
headers in certain environments. (CVE-2015-0219)
Mikko Ohtamaa discovered that Django incorrectly handled user-supplied
redirect URLs. A remote attacker could possibly use this issue to perform a
cross-site scripting attack. (CVE-2015-0220)
Alex Gaynor discovered that Django incorrectly handled reading files in
django.views.static.serve(). A remote attacker could possibly use this
issue to cause Django to consume resources, resulting in a denial of
service. (CVE-2015-0221)
Keryn Knight discovered that Django incorrectly handled forms with
ModelMultipleChoiceField. A remote attacker could possibly use this issue
to
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-0220 python-django14: Django: Mitigated possible XSS attack via user-supplied redirect URLs [fedora-20]
bugzilla·2015-01-14·CVSS 4.3
CVE-2015-0220 [MEDIUM] CVE-2015-0220 python-django14: Django: Mitigated possible XSS attack via user-supplied redirect URLs [fedora-20]
CVE-2015-0220 python-django14: Django: Mitigated possible XSS attack via user-supplied redirect URLs [fedora-20]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
fedora-20 tracking bu
Bugzilla
CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [epel-7]
bugzilla·2015-01-14·CVSS 4.3
CVE-2015-0220 [MEDIUM] CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [epel-7]
CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug f
Bugzilla
CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [fedora-all]
bugzilla·2015-01-14·CVSS 4.3
CVE-2015-0220 [MEDIUM] CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [fedora-all]
CVE-2015-0220 python-django: Django: Mitigated possible XSS attack via user-supplied redirect URLs [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affec
Bugzilla
CVE-2015-0220 Django14: Django: Mitigated possible XSS attack via user-supplied redirect URLs [epel-6]
bugzilla·2015-01-14·CVSS 4.3
CVE-2015-0220 [MEDIUM] CVE-2015-0220 Django14: Django: Mitigated possible XSS attack via user-supplied redirect URLs [epel-6]
CVE-2015-0220 Django14: Django: Mitigated possible XSS attack via user-supplied redirect URLs [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-6 tracking bug for Dj
Bugzilla
CVE-2015-0220 Django: Mitigated possible XSS attack via user-supplied redirect URLs
bugzilla·2015-01-07·CVSS 4.3
CVE-2015-0220 [MEDIUM] CVE-2015-0220 Django: Mitigated possible XSS attack via user-supplied redirect URLs
CVE-2015-0220 Django: Mitigated possible XSS attack via user-supplied redirect URLs
The Django project reports the following issue:
"""
Django relies on user input in some cases (e.g. ``django.contrib.auth.views.login()`` and i18n) to redirect the user to an "on success" URL. The security checks for these redirects (namely ``django.util.http.is_safe_url()``) didn't strip leading whitespace on the tested URL and as such considered URLs like ``\njavascript:...`` safe. If a developer relied on ``is_safe_url()`` to provide safe redirect targets and put such a URL into a link, they could suffer from an XSS attack. This bug doesn't affect Django currently, since we only put this URL into the ``Location`` response header and browsers seem to ignore JavaScript there.
"""
This issue is resolved i
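The Django project's description above explains the root cause: a scheme check that looks at the first character of the URL never sees the `javascript:` scheme when the string starts with a newline, while a browser strips that whitespace before interpreting the `href`. The following is an added illustration written for this page, not Django's own `is_safe_url()` code: `naive_is_safe_url()` reproduces the pre-fix behaviour with a hypothetical parser, `hardened_is_safe_url()` shows the defensive normalisation (strip surrounding whitespace, reject embedded control characters, then check scheme and host), and `safe_redirect_target()` shows how a view would fall back to a fixed path. All hostnames and URLs are constructed test values.

```python
"""Leading-whitespace redirect check, vulnerable vs. hardened (hypothetical code)."""
import re
from urllib.parse import urlsplit

# RFC 3986 scheme must begin at the very first character of the string.
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
# ASCII control characters; browsers silently strip \t \n \r inside a URL.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")
_ALLOWED_SCHEMES = ("http", "https")


def _scheme(url: str) -> str:
    """Scheme as a strict parser sees it ('' when the string starts with whitespace)."""
    m = _SCHEME_RE.match(url)
    return m.group(1).lower() if m else ""


def naive_is_safe_url(url: str, host: str) -> bool:
    """Pre-fix style check with no whitespace normalisation.

    '\\njavascript:...' has no scheme from the parser's point of view, so it is
    classed as a relative path and accepted; the browser then strips the
    newline and runs the javascript: URL.
    """
    if not url:
        return False
    scheme = _scheme(url)
    if scheme and scheme not in _ALLOWED_SCHEMES:
        return False
    if url.startswith("//") or scheme:
        return urlsplit(url).netloc == host   # absolute or protocol-relative
    return True                               # treated as a relative path


def hardened_is_safe_url(url: str, host: str) -> bool:
    """Normalise the way a browser would before deciding anything."""
    if url is None:
        return False
    url = url.strip()                         # browsers ignore surrounding whitespace
    if not url or _CONTROL_RE.search(url):
        return False                          # embedded controls would be stripped too
    if url.startswith("///"):
        return False                          # some browsers read /// as absolute
    parts = urlsplit(url)
    if parts.scheme and parts.scheme.lower() not in _ALLOWED_SCHEMES:
        return False
    if parts.netloc:
        return parts.netloc.lower() == host.lower()
    return not url.startswith("//")


def safe_redirect_target(url: str, host: str, fallback: str = "/") -> str:
    """What a login view should hand to the template or Location header."""
    return url.strip() if hardened_is_safe_url(url, host) else fallback


if __name__ == "__main__":
    host = "good.example"                     # constructed host name
    for candidate in ("\njavascript:void(0)", "/accounts/profile/",
                      "//evil.example/", "java\tscript:void(0)"):
        print(repr(candidate), naive_is_safe_url(candidate, host),
              hardened_is_safe_url(candidate, host))
```

The naive check only fails on inputs a browser rewrites before use; the hardened version performs the same rewrite itself (trim, reject controls) so that what it validates is what the browser will actually navigate to. HTML-escaping the attribute value does not help here, because `\njavascript:` contains no HTML-special characters.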
References:
- http://advisories.mageia.org/MGASA-2015-0026.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148485.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148608.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html
- http://secunia.com/advisories/62285
- http://secunia.com/advisories/62309
- http://secunia.com/advisories/62718
- http://ubuntu.com/usn/usn-2469-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:036
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:109
- https://www.djangoproject.com/weblog/2015/jan/13/security/