CVE-2018-14574 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Open redirect |
Description | If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-746 | python2-django | 1.11.13-1 | 1.11.15-1 | Medium | Fixed | |
AVG-743 | python-django | 2.0.7-2 | 2.0.8-1 | Medium | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
03 Aug 2018 | ASA-201808-3 | AVG-746 | python2-django | Medium | open redirect |
01 Aug 2018 | ASA-201808-1 | AVG-743 | python-django | Medium | open redirect |
References |
---|
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525 |