Safety vulnerability ID: 35740
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Django versions 1.10.7, 1.9.13 and 1.8.18 include a fix for CVE-2017-7234: A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the 'django.views.static.serve()' view could redirect to any other domain, aka an open redirect vulnerability.
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
http://www.debian.org/security/2017/dsa-3835
http://www.securityfocus.com/bid/97401
http://www.securitytracker.com/id/1038177
Latest version: 5.0.4
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
CONFIRM:https://www.djangoproject.com/weblog/2017/apr/04/security-releases/: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
DEBIAN:DSA-3835: http://www.debian.org/security/2017/dsa-3835
BID:97401: http://www.securityfocus.com/bid/97401
SECTRACK:1038177: http://www.securitytracker.com/id/1038177
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application