Описание
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the django.views.static.serve() view could redirect to any other domain, aka an open redirect vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.8.7-1ubuntu11 |
| esm-infra-legacy/trusty | released | 1.6.11-0ubuntu1.1 |
| esm-infra/xenial | released | 1.8.7-1ubuntu5.5 |
| precise | released | 1.3.1-4ubuntu1.23 |
| trusty | released | 1.6.11-0ubuntu1.1 |
| trusty/esm | released | 1.6.11-0ubuntu1.1 |
| upstream | released | 1.8.18 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1.8.7-1ubuntu5.5 |
Показывать по
5.8 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...
5.8 Medium
CVSS2
6.1 Medium
CVSS3