CVE-2017-7234
Published: 4 April 2017
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
Priority
Status
Package | Release | Status |
---|---|---|
python-django Launchpad, Ubuntu, Debian |
precise |
Released
(1.3.1-4ubuntu1.23)
|
trusty |
Released
(1.6.11-0ubuntu1.1)
|
|
upstream |
Released
(1.8.18)
|
|
xenial |
Released
(1.8.7-1ubuntu5.5)
|
|
yakkety |
Released
(1.8.7-1ubuntu8.2)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |