CVE-2017-7233

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7233
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7233.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7233
Aliases
Downstream
Related
Published
2017-04-04T17:59:00Z
Modified
2025-10-07T23:14:31.223017Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2234d1f08d079a3e4be4f1a89847dc294a4a5c1a
Last affected
25e416ca0f3ea6035c8d797dcc9604bc32202268
Last affected
320ec4ed27c254a87e09a70601b1b27ae0a0456e
Last affected
37935743edbf60201adb1b53b56b8cafa754c69a
Last affected
4022b2c306e88a4ab7f80507e736ce7ac7d01186
Last affected
4217f1cdeb070707e54fec8221b9e63e3957ef38
Last affected
448fcd66e6ffce0d000d38a07e6d61823fa14107
Last affected
449d1effb81152e54f482784cf7febe965007096
Last affected
46b40274dd44921f72a59771ecb3d2b2c7b3aa0b
Last affected
4c047e90b62529681dc691bc935036108d6b0324
Last affected
52db0d5742777a77717df5b1e85d056910a2515d
Last affected
56b3416939ca921cac54b6c79e1b445cbff34098
Last affected
6157cd6da1b27716e8f3d1ed692a6e33d970ae46
Last affected
6e749c21e77dc74af068c8e943a6e6850ae0bb24
Last affected
80b7e9d09f2d23209b591288f9b2cf3eb3d927c8
Last affected
82533e31c2525d9b1a77fc804330e925e8f109f0
Last affected
8a2a3a63b83375d9322c077b6356007e0bef5939
Last affected
8dd33d429892fc06cc9aa655012491f029f5f491
Last affected
9fbdc48c493f43961173bab8f23d633ab41a9608
Last affected
a1f5bafac51f973cc7219d3b7c96587fe7066920
Last affected
a98e00f06834e5fdc945c2aca2c3498efb06ac7d
Last affected
aa10ba096169dcbd3e47303f6b6de59acfe883c1
Last affected
acc3c1df8474f424b2f179bac03d0e9a6bc9aba0
Last affected
b29316c54bb3465265ff931e807229f13349457d
Last affected
b35adb0909b25a7dafc9212ddedfbf9b29dc05b8
Last affected
bd97496d07466f3a940e2fcc114b540ca01cd340
Last affected
c00335997744196738368f46c30ef2eeaa0ac849
Last affected
c168aeba175dbb92c615460a360cb1ea978de5d3
Last affected
c982190acf7bcfba5e78a7505a45774916865569
Last affected
d3d12fc11da56e4ea8af37a22a9a0aa6579ab2d5
Last affected
dafddb6b8c0eb778072bec1ccd536bafad0eb936
Last affected
e3c9412d86c3c394e2604e63f3b51c102ae3e3d7
Last affected
e403f2217e67301526a0df5ea5be42e190e00e10
Last affected
e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd
Last affected
e8bb7464c562388da48bca04c5996fe16a0c3619
Last affected
e99ebfcc140a5f794e259994f9252cb440459143
Last affected
ef08d8cf9e0d1ca62c6c291575d9e306cb09afcb
Last affected
f49602ad46b447c5a27d47b0e89b3440109211a4

Affected versions

1.*

1.0
1.1
1.10
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10a1
1.10b1
1.10rc1
1.2
1.2.1
1.3
1.4
1.7a1
1.7a2
1.8
1.8.1
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.15
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.8a1
1.8b1
1.8b2
1.8c1
1.9
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9a1
1.9b1
1.9rc1
1.9rc2