CVE-2017-7233 log

Severity Medium
Remote Yes
Type Cross-site scripting
Django relies on user input in some cases (e.g. django.contrib.auth.views.login() and i18n) to redirect the user to an “on success” URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs (e.g. http:999999999) “safe” when they shouldn’t be.
Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
Group Package Affected Fixed Severity Status Ticket
AVG-233 python-django, python2-django 1.10.3-2 1.11-1 Medium Fixed
Date Advisory Group Package Severity Type
06 Apr 2017 ASA-201704-2 AVG-233 python-django Medium multiple issues
06 Apr 2017 ASA-201704-1 AVG-233 python2-django Medium multiple issues