A maliciously crafted URL to a Django site using the serve() view could redirect to any other domain. The view no longer does any redirects as they don’t provide any known, useful functionality. Note, however, that this view has always carried a warning that it is not hardened for production use and should be used only as a development aid.
|06 Apr 2017||ASA-201704-2||AVG-233||python-django||Medium||multiple issues|
|06 Apr 2017||ASA-201704-1||AVG-233||python2-django||Medium||multiple issues|