SB2017040521 - Open redirect in py-django (Alpine package)
Published: April 5, 2017
Security Bulletin ID
SB2017040521
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Open redirect (CVE-ID: CVE-2017-7234)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to redirect website visitors to external websites.
The weakness exists due to incorrect validation of redirected URL. A remote attacker can create a specially crafted link and redirect the victim on potentially dangerous website.
Successful exploitation of the vulnerability may allow an attacker to perform phishing attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=aac947d54afaf9dcc0db074c91149f8063f9d3ab
- https://git.alpinelinux.org/aports/commit/?id=c6946cd412005ff67f9ffa26bae05148414d006c
- https://git.alpinelinux.org/aports/commit/?id=2bfc256714ffd5e50b457f1c3cdb5d7de4ec77af
- https://git.alpinelinux.org/aports/commit/?id=05b4008dbdf532c14ba0f1b17f4394ef3602e445
- https://git.alpinelinux.org/aports/commit/?id=13b4e92e4fc47a3a048a8647e4674f3580e55b56
- https://git.alpinelinux.org/aports/commit/?id=c18a5bc6ffb9c2e3ff2a727354255677217f7e59
- https://git.alpinelinux.org/aports/commit/?id=e2e259ef2a11846c3bcdaedf1b90a1896ae1cbce