CVE-2015-0220

Priority
Description
The django.utils.http.is_safe_url function in Django before 1.4.18, 1.6.x
before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading
whitespace, which allows remote attackers to conduct cross-site scripting
(XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated
by a "\njavascript:" URL.
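The whitespace handling described above, shown as an added example that is not Django's code and not part of the original tracker entry: a simplified redirect-target check that validates the raw string, beside the same check run on the stripped value. The names `is_safe_naive`, `is_safe_hardened`, `_split` and `disagreements`, the host `example.com` and the sample URLs are hypothetical and constructed for illustration.

```python
import re

# RFC 3986 scheme syntax, anchored at the first character of the string.
_SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")
_ALLOWED_SCHEMES = {"http", "https"}


def _split(url):
    """Return (scheme, netloc) as a strict parser sees the raw string."""
    m = _SCHEME_RE.match(url)
    scheme = m.group(1).lower() if m else ""
    rest = url[m.end():] if m else url
    netloc = ""
    if rest.startswith("//"):
        netloc = re.split(r"[/?#]", rest[2:], maxsplit=1)[0].lower()
    return scheme, netloc


def is_safe_naive(url, host):
    """Hypothetical pre-fix check: validates the string exactly as received."""
    if not url:
        return False
    scheme, netloc = _split(url)
    if scheme and not netloc:          # e.g. "javascript:..." or "mailto:..."
        return False
    return (not netloc or netloc == host) and (
        not scheme or scheme in _ALLOWED_SCHEMES)


def is_safe_hardened(url, host):
    """Same check, but on the value a browser would act on: browsers drop
    leading whitespace, so strip it before looking for a scheme."""
    if not url:
        return False
    return is_safe_naive(url.strip(), host)


def disagreements(urls, host):
    """Inputs the naive check accepts but the hardened check rejects."""
    return [u for u in urls
            if is_safe_naive(u, host) and not is_safe_hardened(u, host)]


# Constructed sample redirect targets; the host is an assumption for the demo.
SAMPLES = ["/accounts/profile/", "https://example.com/next",
           "https://other.example/", "javascript:void(0)",
           "\njavascript:void(0)"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(repr(u), is_safe_naive(u, "example.com"),
              is_safe_hardened(u, "example.com"))
```

Running `disagreements` over logged redirect parameters is a quick way to find values that a raw-string check would have let through.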
Assigned-to
mdeslaur
Package
Upstream: released (1.6.10)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.6.1-2ubuntu0.6)
More Information

Updated: 2018-10-22 14:07:52 UTC (commit 03ef231d584286304e54ae60f0de485bd42f2da8)