<p>Upgrade <code>django-cms</code> to version 3.3.4, 3.4.3 or higher.</p>

Open Redirect Affecting django-cms package, versions [,3.3.4) [3.4.0,3.4.3)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-DJANGOCMS-2939285
published 1 Jul 2022
disclosed 1 Jul 2022
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 1 Jul 2022

CWE-601 Open this link in a new tab

How to fix?

Upgrade django-cms to version 3.3.4, 3.4.3 or higher.

Overview

Affected versions of this package are vulnerable to Open Redirect where the next parameter for the toolbar login is not sanitized and can point to another domain.

References

GitHub Commit
GitHub Commit

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

Required

Scope (S)

Unchanged

Confidentiality (C)

Low
Integrity (I)

Low
Availability (A)

None

Open Redirect Affecting django-cms package, versions [,3.3.4) [3.4.0,3.4.3)

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 1 Jul 2022

How to fix?

Overview

References

CVSS Scores

Snyk