CVE-2014-3730 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=1.4 <1.4.13 || >=1.5 <1.5.8 || >=1.6 <1.6.5 || >=1.7a1 <1.7b4
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
EPSS: 0.00988 (percentile: 0.75986)
Details
Django Allows Open Redirects
The `django.utils.http.is_safe_url` function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
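Added example (not Django's code and not part of the advisory): a simplified redirect-target check that trusts the parser's netloc, beside a stricter one that normalises backslashes first. The function names and the host `example.com` are assumptions made for illustration.

```python
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
HOST = "example.com"                      # constructed: the site's own host
PAGE_URL = r"http:\\\djangoproject.com"   # malformed URL quoted in the advisory


def naive_is_safe(url, host):
    """Simplified check: accept when the parser reports no host or our host."""
    if not url:
        return False
    parts = urlparse(url)
    return (not parts.netloc or parts.netloc == host) and (
        not parts.scheme or parts.scheme in ALLOWED_SCHEMES)


def strict_is_safe(url, host):
    """Same policy, applied to the URL as a browser would interpret it."""
    if not url:
        return False
    # Browsers treat "\" as "/" in http(s) URLs, so validate that form.
    url = url.strip().replace("\\", "/")
    # Three leading slashes parse as an empty host plus a path, yet can
    # still be followed as a network-path reference.
    if url.startswith("///"):
        return False
    # Control characters have no place in a redirect target.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlparse(url)
    except ValueError:
        return False
    # A scheme without a host ("http:///x") is never a local path.
    if parts.scheme and not parts.netloc:
        return False
    return (not parts.netloc or parts.netloc == host) and (
        not parts.scheme or parts.scheme in ALLOWED_SCHEMES)


def compare(urls, host=HOST):
    """Return {url: (naive_result, strict_result)} for each candidate."""
    return {u: (naive_is_safe(u, host), strict_is_safe(u, host)) for u in urls}


if __name__ == "__main__":
    samples = ["/accounts/profile/", "https://example.com/next",
               "https://other.example/", PAGE_URL]   # constructed inputs
    for url, result in compare(samples).items():
        print(f"{url!r:40} naive={result[0]} strict={result[1]}")
```

The two checks differ only on the malformed URL: the parser sees a scheme with an empty netloc, so the simplified check treats it as local.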
Metadata
Created: 2022-05-14T02:09:43Z
Modified: 2024-09-18T19:43:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vq3h-3q7v-9prw/GHSA-vq3h-3q7v-9prw.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-vq3h-3q7v-9prw
Finding: F184
Auto approve: 1