PYSEC-2017-10

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2017-10.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2017-10

Aliases

Published

2017-04-04T17:59:00Z

Modified

2023-11-01T05:30:35.118603Z

Summary

[none]

Details

A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the django.views.static.serve() view could redirect to any other domain, aka an open redirect vulnerability.

References

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.10

Fixed

1.10.7

Introduced

1.9

Fixed

1.9.13

Introduced

1.8

Fixed

1.8.18

Affected versions

1.*

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.8.10

1.8.11

1.8.12

1.8.13

1.8.14

1.8.15

1.8.16

1.8.17

1.9

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

1.9.10

1.9.11

1.9.12

1.10

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6