Vulnerability Database

CVE-2017-7234

A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the django.views.static.serve() view could redirect to any other domain, aka an open redirect vulnerability.

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

Software                From          Fixed in
djangoproject / django  1.10.0        1.10.0.x
djangoproject / django  1.9-a1        1.9-a1.x
djangoproject / django  1.8.0-a1      1.8.0-a1.x
djangoproject / django  1.8.15        1.8.15.x
djangoproject / django  1.8.2         1.8.2.x
djangoproject / django  1.9.6         1.9.6.x
djangoproject / django  1.9-rc2       1.9-rc2.x
djangoproject / django  1.10.3        1.10.3.x
djangoproject / django  1.8.14        1.8.14.x
djangoproject / django  1.9.9         1.9.9.x
djangoproject / django  1.8.1         1.8.1.x
djangoproject / django  1.8.0-b1      1.8.0-b1.x
djangoproject / django  1.10.1        1.10.1.x
djangoproject / django  1.8.7         1.8.7.x
djangoproject / django  1.8.9         1.8.9.x
djangoproject / django  1.10.5        1.10.5.x
djangoproject / django  1.9.5         1.9.5.x
djangoproject / django  1.8.11        1.8.11.x
djangoproject / django  1.10.0-a1     1.10.0-a1.x
djangoproject / django  1.9.12        1.9.12.x
djangoproject / django  1.8.3         1.8.3.x
djangoproject / django  1.8.12        1.8.12.x
djangoproject / django  1.8.4         1.8.4.x
djangoproject / django  1.9.11        1.9.11.x
djangoproject / django  1.10.2        1.10.2.x
djangoproject / django  1.8.0         1.8.0.x
djangoproject / django  1.8.16        1.8.16.x
djangoproject / django  1.9.3         1.9.3.x
djangoproject / django  1.9.4         1.9.4.x
djangoproject / django  1.8.6         1.8.6.x
djangoproject / django  1.8.0-c1      1.8.0-c1.x
djangoproject / django  1.10.6        1.10.6.x
djangoproject / django  1.8.13        1.8.13.x
djangoproject / django  1.10.0-b1     1.10.0-b1.x
djangoproject / django  1.10.0-rc1    1.10.0-rc1.x
djangoproject / django  1.9.7         1.9.7.x
djangoproject / django  1.8.17        1.8.17.x
djangoproject / django  1.8.8         1.8.8.x
djangoproject / django  1.8.5         1.8.5.x
djangoproject / django  1.9.1         1.9.1.x
djangoproject / django  1.9           1.9.x
djangoproject / django  1.10.4        1.10.4.x
djangoproject / django  1.9.8         1.9.8.x
djangoproject / django  1.8.0-b2      1.8.0-b2.x
djangoproject / django  1.9.2         1.9.2.x
djangoproject / django  1.9-b1        1.9-b1.x
djangoproject / django  1.9.10        1.9.10.x
djangoproject / django  1.9-rc1       1.9-rc1.x
djangoproject / django  1.8.10        1.8.10.x
Django                  1.10          1.10.7
Django                  1.9           1.9.13
Django                  1.8           1.8.18