CVE-2018-14574

Опубликовано: 03 авг. 2018

Источник: debian

EPSS Средний

Описание

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

Пакет	Статус	Версия исправления	Релиз	Тип
python-django	fixed	1:1.11.15-1		package
python-django	not-affected		jessie	package

https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
https://github.com/django/django/commit/a656a681272f8f3734b6eb38e9a88aa0d91806f1 (master)
https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c (2.1 release branch)
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff (1.11 release branch)
https://github.com/django/django/commit/434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (vuln. introduced here?)

EPSS

Процентиль: 94%

0.14743

Средний

CVE-2018-14574

CVSS3: 6.1

ubuntu

почти 7 лет назад

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

CVE-2018-14574

CVSS3: 4.7

redhat

почти 7 лет назад

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

CVE-2018-14574

CVSS3: 6.1

nvd

почти 7 лет назад

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

openSUSE-SU-2018:2488-2

suse-cvrf

почти 7 лет назад

Security update for python-Django

openSUSE-SU-2018:2488-1

suse-cvrf

почти 7 лет назад

Security update for python-Django

EPSS

Процентиль: 94%

0.14743

Средний