CVE-2017-7233 log
Source |
Severity | Medium |
Remote | Yes |
Type | Cross-site scripting |
Description | Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an “on success” URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs (e.g. http:999999999) “safe” when they shouldn’t be. Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. |
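The description above refers to django.utils.http.is_safe_url() treating a URL such as http:999999999 as safe. The root cause was the URL parser, not the host comparison: older urllib.parse.urlsplit() implementations (before Python 3.9) reinterpret "scheme:digits" as a scheme-less path on the assumption that the digits are a port number, so the check saw no scheme and no host and passed the value through, while a browser would treat it as http://999999999. Django's fix stopped depending on that heuristic. The code below is an added example, not Django's code; the function names (split_url, is_safe_redirect), the allowed host example.com and the sample URLs are constructed for illustration. It shows a minimal redirect-target check that parses the scheme itself and refuses any URL that carries a scheme without a host, which is what defeats the numeric-URL case.

```python
import re
import unicodedata

# Scheme per RFC 3986: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), then ":".
_SCHEME_RE = re.compile(r'^([A-Za-z][A-Za-z0-9+.\-]*):')


def split_url(url):
    """Split url into (scheme, netloc, rest).

    Unlike urllib.parse.urlsplit() in Python versions before 3.9, this never
    turns "http:999999999" into a scheme-less path just because the text after
    the colon is all digits: "http" is a syntactically valid scheme and is
    reported as one.
    """
    scheme = ''
    m = _SCHEME_RE.match(url)
    if m:
        scheme = m.group(1).lower()
        url = url[m.end():]
    netloc = ''
    if url.startswith('//'):
        # The authority runs up to the first path, query or fragment delimiter.
        end = len(url)
        for delim in '/?#':
            pos = url.find(delim, 2)
            if pos != -1:
                end = min(end, pos)
        netloc, url = url[2:end], url[end:]
    return scheme, netloc, url


def _check_one(url, allowed_host):
    """Policy for a single, already-stripped candidate redirect target."""
    # Browsers read "///host" as absolute even though it has no netloc here.
    if url.startswith('///'):
        return False
    # Some browsers skip leading control characters, which could hide a scheme.
    if unicodedata.category(url[0])[0] == 'C':
        return False
    scheme, netloc, _rest = split_url(url)
    # A scheme with no host (http:999999999, http:///host) means the browser
    # will take the "path" as the host, so refuse it outright.
    if scheme and not netloc:
        return False
    if netloc and netloc != allowed_host:
        return False
    return scheme in ('', 'http', 'https')


def is_safe_redirect(url, allowed_host):
    """Return True only for relative targets or absolute ones on allowed_host.

    Backslashes are checked as slashes too, because Chrome treats "\\" as "/"
    in paths, so "/\\other.example" would otherwise pass as a relative path.
    """
    url = (url or '').strip()
    if not url:
        return False
    return (_check_one(url, allowed_host)
            and _check_one(url.replace('\\', '/'), allowed_host))


if __name__ == '__main__':
    # Constructed sample inputs; compare against your interpreter's urlsplit().
    from urllib.parse import urlsplit
    for candidate in ('/accounts/profile/', 'https://example.com/next',
                      'http:999999999', '//other.example/', 'http:///example.com'):
        print('%-28s safe=%-5s split_url=%s urlsplit=%s' % (
            candidate, is_safe_redirect(candidate, 'example.com'),
            split_url(candidate), urlsplit(candidate)[:3]))
```

Running the block prints both parsers' view of each sample; on interpreters whose urlsplit() still applies the port heuristic, http:999999999 shows up there with an empty scheme, which is exactly the reading the check must not trust.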
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-233 | python-django, python2-django | 1.10.3-2 | 1.11-1 | Medium | Fixed | |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
06 Apr 2017 | ASA-201704-2 | AVG-233 | python-django | Medium | multiple issues |
06 Apr 2017 | ASA-201704-1 | AVG-233 | python2-django | Medium | multiple issues |
References |
---|
https://docs.djangoproject.com/en/dev/releases/1.11 |