CVE-2017-7234 — Open Redirect in Django

CWE-601 — Open Redirect10 documents8 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 46.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django

Timeline

PublishedApr 4

Latest updateJan 4

Description

A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶PyPIdjangoproject/django1.10 — 1.10.7+2

▶NVDdjangoproject/django38 versions+37

🔴Vulnerability Details

GHSA

Django open redirect↗2019-01-04

▶

OSV

Django open redirect↗2019-01-04

▶

OSV

CVE-2017-7234: A maliciously crafted URL to a Django (1↗2017-04-04

▶

CVEList

CVE-2017-7234: A maliciously crafted URL to a Django (1↗2017-04-04

▶

OSV

python-django vulnerabilities↗2017-04-04

▶

📋Vendor Advisories

Red Hat

python-django: Open redirect vulnerability in django.views.static.serve()↗2017-04-04

▶

Ubuntu

Django vulnerabilities↗2017-04-04

▶

Debian

CVE-2017-7234: python-django - A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, an...↗2017

▶

💬Community

Bugzilla

CVE-2017-7234 python-django: Open redirect vulnerability in django.views.static.serve()↗2017-03-29

▶