Improper Input Validation Affecting python-django package, versions <1.6.5-1


0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required

    Threat Intelligence

    EPSS 0.45% (75th percentile)
Expand this section
NVD
4.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN11-PYTHONDJANGO-533060
  • published 16 May 2014
  • disclosed 16 May 2014

How to fix?

Upgrade Debian:11 python-django to version 1.6.5-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-django package and not the python-django package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\djangoproject.com."