Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2017-7233
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-04 Apr, 2017 | 17:00
Updated At-05 Aug, 2024 | 15:56
Rejected At-
▼CVE Numbering Authority (CNA)

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1038177
vdb-entry
x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1596
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/97406
vdb-entry
x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3093
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3835
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:1445
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1451
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2927
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1470
vendor-advisory
x_refsource_REDHAT
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1462
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1038177
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1596
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/97406
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3093
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2017/dsa-3835
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1445
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1451
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2018:2927
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1470
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1462
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1038177
vdb-entry
x_refsource_SECTRACK
x_transferred
https://access.redhat.com/errata/RHSA-2017:1596
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/97406
vdb-entry
x_refsource_BID
x_transferred
https://access.redhat.com/errata/RHSA-2017:3093
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2017/dsa-3835
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:1445
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:1451
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:2927
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:1470
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2017:1462
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1038177
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1596
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97406
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3093
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2017/dsa-3835
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1445
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1451
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:2927
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1470
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:1462
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Details not found