CVE-2017-7234
- Source
- https://cve.org/CVERecord?id=CVE-2017-7234
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7234.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-7234
- Aliases
- Downstream
- Related
- Published
- 2017-04-04T17:59:00.303Z
- Modified
- 2026-05-28T04:04:27.987508860Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the
django.views.static.serve()view could redirect to any other domain, aka an open redirect vulnerability. - Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "1.8.0" }, { "last_affected": "1.8.0-a1" }, { "last_affected": "1.8.0-b1" }, { "last_affected": "1.8.0-b2" }, { "last_affected": "1.8.0-c1" }, { "last_affected": "1.10.0" }, { "last_affected": "1.10.0-a1" }, { "last_affected": "1.10.0-b1" }, { "last_affected": "1.10.0-rc1" } ], "source": "CPE_STRING", "vendor_product": "djangoproject:django", "cpes": [ "cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*" ] } ] }- References
Affected packages
Git / github.com/django/django
Affected ranges
- Type
- GIT
- Repo
- https://github.com/django/django
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "cpe": [ "cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*" ], "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.8.1" }, { "last_affected": "1.8.2" }, { "last_affected": "1.8.3" }, { "last_affected": "1.8.4" }, { "last_affected": "1.8.5" }, { "last_affected": "1.8.6" }, { "last_affected": "1.8.7" }, { "last_affected": "1.8.8" }, { "last_affected": "1.8.9" }, { "last_affected": "1.8.10" }, { "last_affected": "1.8.11" }, { "last_affected": "1.8.12" }, { "last_affected": "1.8.13" }, { "last_affected": "1.8.14" }, { "last_affected": "1.8.15" }, { "last_affected": "1.8.16" }, { "last_affected": "1.8.17" }, { "last_affected": "1.9" }, { "last_affected": "1.9-a1" }, { "last_affected": "1.9-b1" }, { "last_affected": "1.9-rc1" }, { "last_affected": "1.9-rc2" }, { "last_affected": "1.9.1" }, { "last_affected": "1.9.2" }, { "last_affected": "1.9.3" }, { "last_affected": "1.9.4" }, { "last_affected": "1.9.5" }, { "last_affected": "1.9.6" }, { "last_affected": "1.9.7" }, { "last_affected": "1.9.8" }, { "last_affected": "1.9.9" }, { "last_affected": "1.9.10" }, { "last_affected": "1.9.11" }, { "last_affected": "1.9.12" }, { "last_affected": "1.10.1" }, { "last_affected": "1.10.2" }, { "last_affected": "1.10.3" }, { "last_affected": "1.10.4" }, { "last_affected": "1.10.5" }, { "last_affected": "1.10.6" } ], "source": "CPE_STRING" }
Affected versions
1.*
1.0
1.1
1.10
1.10.1
1.10.2
1.10.3
1.10.4
1.10.5
1.10.6
1.10a1
1.10b1
1.10rc1
1.2
1.2.1
1.3
1.4
1.7a2
1.8
1.8.1
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.15
1.8.16
1.8.17
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.8a1
1.8b1
1.8b2
1.8c1
1.9
1.9.1
1.9.10
1.9.11
1.9.12
1.9.13
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
1.9a1
1.9b1
1.9rc1
1.9rc2
stable/1.*
stable/1.9.x