Main Vulnerability Database SB2018080321

SB2018080321 - Fedora 28 update for python2-django1.11

Published: August 3, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018080321

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Open redirect (CVE-ID: CVE-2018-14574)

The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites.

The weakness exists on systems with django.middleware.common.CommonMiddleware and the APPEND_SLASH setting enabled and with a project that has a URL pattern that accepts any path ending in a slash due to open redirect. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to malicious website

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c85690ba7