Open redirect in Django - CVE-2017-7234
Published: June 16, 2017
Vulnerability identifier: #VU7106
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7234
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Django Software Foundation
Affected software:
Django
Django
Detailed vulnerability description
The vulnerability allows a remote attacker to redirect website visitors to external websites.
The weakness exists due to incorrect validation of redirected URL. A remote attacker can create a specially crafted link and redirect the victim on potentially dangerous website.
Successful exploitation of the vulnerability may allow an attacker to perform phishing attack.
The weakness exists due to incorrect validation of redirected URL. A remote attacker can create a specially crafted link and redirect the victim on potentially dangerous website.
Successful exploitation of the vulnerability may allow an attacker to perform phishing attack.
How to mitigate CVE-2017-7234
Update to version 1.8.18, 1.9.13, 1.10.7.