Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-14574Open Redirect in Django

CWE-601Open Redirect13 documents9 sources
Severity
6.1MEDIUMNVD
EPSS
7.5%
top 8.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Djangoproject DjangoCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedAug 3
Latest updateOct 4

Description

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDdjangoproject/django1.111.11.15+1
PyPIdjangoproject/django2.02.0.8+1

Also affects: Debian Linux 9.0, Ubuntu Linux 18.04

Patches

Patch: www.djangoproject.comPatch: www.djangoproject.com

🔴Vulnerability Details

4
GHSA
Django open redirect2018-10-04
OSV
Django open redirect2018-10-04
OSV
CVE-2018-14574: django2018-08-03
CVEList
CVE-2018-14574: django2018-08-03

💥Exploits & PoCs

1
Nuclei
Django - Open Redirect

📋Vendor Advisories

3
Ubuntu
Django vulnerability2018-08-01
Red Hat
django: Open redirect possibility in CommonMiddleware2018-08-01
Debian
CVE-2018-14574: python-django - django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2....2018

💬Community

4
Bugzilla
CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [epel-7]2018-08-02
Bugzilla
CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [fedora-all]2018-08-02
Bugzilla
CVE-2018-14574 python-django16: django: Open redirect possibility in CommonMiddleware [epel-7]2018-08-02
Bugzilla
CVE-2018-14574 django: Open redirect possibility in CommonMiddleware2018-07-26
CVE-2018-14574 — Open Redirect in Djangoproject Django | cvebase