django-embed-video@0.1.0 vulnerabilities

Django app for easy embedding YouTube and Vimeo videos and music from SoundCloud.

Direct Vulnerabilities

Known vulnerabilities in the django-embed-video package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Open Redirect

django-embed-video is for easy embeding YouTube and Vimeo videos and music fromSoundCloud.

Affected versions of this package are vulnerable to Open Redirect attacks due to no detection of faked urls.

[,0.3)
  • M
Open Redirect

django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Open Redirect. It relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

How to fix Open Redirect?

Upgrade django to version 1.8.18, 1.9.13, 1.10.7 or higher.

[,0.3)