CVE-2014-3730

Priority
Description
The django.utils.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5
before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly
validate URLs, which allows remote attackers to conduct open redirect
attacks via a malformed URL, as demonstrated by
"http:\\\djangoproject.com".
Notes
Package
Upstream: released (1.6.5-1)
Ubuntu 14.04 ESM (Trusty Tahr): released (1.6.1-2ubuntu0.3)
More Information

Updated: 2020-01-29 19:49:51 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)