CVE-2017-7233 (GCVE-0-2017-7233)

Vulnerability from cvelistv5 – Published: 2017-04-04 17:00 – Updated: 2024-08-05 15:56
VLAI?
Summary
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securitytracker.com/id/1038177 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1596 vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/97406 vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3093 vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3835 vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:1445 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1451 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2927 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1470 vendor-advisoryx_refsource_REDHAT
https://www.djangoproject.com/weblog/2017/apr/04/… x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1462 vendor-advisoryx_refsource_REDHAT
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:56:36.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038177",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038177"
          },
          {
            "name": "RHSA-2017:1596",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1596"
          },
          {
            "name": "97406",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97406"
          },
          {
            "name": "RHSA-2017:3093",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3093"
          },
          {
            "name": "DSA-3835",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3835"
          },
          {
            "name": "RHSA-2017:1445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1445"
          },
          {
            "name": "RHSA-2017:1451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1451"
          },
          {
            "name": "RHSA-2018:2927",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2927"
          },
          {
            "name": "RHSA-2017:1470",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1470"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"
          },
          {
            "name": "RHSA-2017:1462",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1462"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \"on success\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \"safe\" when they shouldn\u0027t be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038177",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038177"
        },
        {
          "name": "RHSA-2017:1596",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1596"
        },
        {
          "name": "97406",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97406"
        },
        {
          "name": "RHSA-2017:3093",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3093"
        },
        {
          "name": "DSA-3835",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3835"
        },
        {
          "name": "RHSA-2017:1445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1445"
        },
        {
          "name": "RHSA-2017:1451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1451"
        },
        {
          "name": "RHSA-2018:2927",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2927"
        },
        {
          "name": "RHSA-2017:1470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1470"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"
        },
        {
          "name": "RHSA-2017:1462",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1462"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \"on success\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \"safe\" when they shouldn\u0027t be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038177",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038177"
            },
            {
              "name": "RHSA-2017:1596",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1596"
            },
            {
              "name": "97406",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97406"
            },
            {
              "name": "RHSA-2017:3093",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3093"
            },
            {
              "name": "DSA-3835",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3835"
            },
            {
              "name": "RHSA-2017:1445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1445"
            },
            {
              "name": "RHSA-2017:1451",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1451"
            },
            {
              "name": "RHSA-2018:2927",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2927"
            },
            {
              "name": "RHSA-2017:1470",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1470"
            },
            {
              "name": "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/",
              "refsource": "CONFIRM",
              "url": "https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"
            },
            {
              "name": "RHSA-2017:1462",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1462"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7233",
    "datePublished": "2017-04-04T17:00:00",
    "dateReserved": "2017-03-22T00:00:00",
    "dateUpdated": "2024-08-05T15:56:36.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02D3C0FF-C342-40F1-A187-CD212C16FE8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*\", \"matchCriteriaId\": \"85ED1834-500C-4E37-BD51-E42DB28F3B67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6E3323E-6AC0-4703-A3A4-A429946B0839\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AB300FB-2A7D-498E-891D-E75DCA9ED7A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AC1822A-A7FE-4F38-BD5A-74388A5405D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2510BAD7-1FB6-4F6F-A2CC-9DE9AD39B4FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1B388C7-ED4E-4416-969F-32263E7D7AA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63D36984-4C8E-4CDB-8D15-445705FCECF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B324AE6-ADD8-41B9-B250-A6577ACBB364\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6487058-6768-4AD3-BE27-A0B3D1ACFC08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CFF0538-B111-44A8-ADC2-87E280186257\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3343FF8-53EC-459D-B31C-CD363D04FF42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9B637E9-067A-4473-9B50-433CCC177982\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99A5BF6D-631B-4C8E-9868-579BD79100C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"280B9958-9163-4126-910A-2EF4B408DFCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A40373B-301E-4B81-8FA5-28D916142F59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79BB3174-7859-4195-B7B3-BCAA280A6F80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42EF41AF-B2FA-468A-B161-D9FE29CE53EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48DF0100-F98E-4997-A8F7-DC07FA4A06D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECDC5647-8EA7-4595-88C2-541BC489ED2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB571E66-C1B2-4FFD-8265-FB381CF4ACE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C49F25DA-CD52-49A9-B5BE-63FD399A9813\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29C40BAC-6DF3-4EA2-A65A-86462DDD8723\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B4797F9-82E9-4BA8-868D-C6F18BA01DE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E885D945-FB55-47F4-AA6B-462AFBDAD750\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"48BD4296-E83B-4563-9A39-70C95EEAA337\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"F63D8C0A-D93E-4A1F-A8F8-D22314771AD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B754401-8503-4553-853F-4F6BCD2D2FF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"019C26C7-EF1F-45BB-934E-521E2E64452E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A18691A7-E4D0-48A4-81A7-89846E991AF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C06EBD9-381E-4018-BFDC-E23EA18097B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D134048-B64F-45AE-B4A2-26E516CCF37B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F39B83A-C10B-4B88-9491-2FB8B07D6EA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64A4030E-F51F-4944-BCE7-E27CD32EC7D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCC1F046-DAF7-4734-9F80-A3C57857AF18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61EE8536-0E8D-477A-B8EA-817CE21D516A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"483D0F44-15C8-43A2-B3AE-331F40DA1A80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD33E383-2772-4F79-A2C9-4F9EB8FBC8EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77D82BAD-B2AE-49FB-AF71-393631D2B29C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D2541CE-0462-46DF-BDD8-C19D6E45140B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1763E8EB-F943-4A9A-8E19-E6BE9F847DDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*\", \"matchCriteriaId\": \"48E20213-67BB-4A16-B961-502BA4E54A98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C71C2E3-C134-45B0-BDDC-FFE7612AB1EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CE31960-7C68-42F3-B215-B30A87DB67CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3838B8E-8F0E-4F7A-88E6-FFF2590E5302\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D6C6214-7946-4025-84E6-59448CFE75B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58182835-CB1F-4490-AE65-90601DBFD0D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04AE04CD-E923-4630-9BAA-5A4D5A5D0055\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2517FB1C-B732-432B-9F27-EE60F6556433\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \\\"on success\\\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \\\"safe\\\" when they shouldn\u0027t be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.\"}, {\"lang\": \"es\", \"value\": \"Django 1.10 en versiones anteriores a 1.10.7, 1.9 en versiones anteriores a 1.9.13, y 1.8 en versiones anteriores a 1.8.18 se basa en la entrada del usuario en algunos casos para redirigir al usuario a una URL de \\\"\\u00e9xito\\\". La comprobaci\\u00f3n de seguridad de estos redireccionamientos (a saber, `` django.utils.http.is_safe_url()``) considera que algunas URL num\\u00e9ricas son \\\"seguras\\\" cuando no deber\\u00edan serlo, tambi\\u00e9n conocida como una vulnerabilidad de redirecci\\u00f3n abierta. Adem\\u00e1s, si un desarrollador conf\\u00eda en `` is_safe_url() `` para proporcionar destinos de redirecci\\u00f3n seguros y pone esa URL en un enlace, podr\\u00eda sufrir un ataque XSS.\"}]",
      "id": "CVE-2017-7233",
      "lastModified": "2024-11-21T03:31:25.980",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-04-04T17:59:00.273",
      "references": "[{\"url\": \"http://www.debian.org/security/2017/dsa-3835\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/97406\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038177\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1445\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1451\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1462\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1470\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1596\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3093\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2927\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2017/dsa-3835\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/97406\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038177\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1451\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1462\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1470\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1596\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:3093\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2927\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-601\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7233\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-04-04T17:59:00.273\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an \\\"on success\\\" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs \\\"safe\\\" when they shouldn\u0027t be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.\"},{\"lang\":\"es\",\"value\":\"Django 1.10 en versiones anteriores a 1.10.7, 1.9 en versiones anteriores a 1.9.13, y 1.8 en versiones anteriores a 1.8.18 se basa en la entrada del usuario en algunos casos para redirigir al usuario a una URL de \\\"\u00e9xito\\\". La comprobaci\u00f3n de seguridad de estos redireccionamientos (a saber, `` django.utils.http.is_safe_url()``) considera que algunas URL num\u00e9ricas son \\\"seguras\\\" cuando no deber\u00edan serlo, tambi\u00e9n conocida como una vulnerabilidad de redirecci\u00f3n abierta. Adem\u00e1s, si un desarrollador conf\u00eda en `` is_safe_url() `` para proporcionar destinos de redirecci\u00f3n seguros y pone esa URL en un enlace, podr\u00eda sufrir un ataque XSS.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02D3C0FF-C342-40F1-A187-CD212C16FE8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85ED1834-500C-4E37-BD51-E42DB28F3B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6E3323E-6AC0-4703-A3A4-A429946B0839\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AB300FB-2A7D-498E-891D-E75DCA9ED7A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AC1822A-A7FE-4F38-BD5A-74388A5405D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2510BAD7-1FB6-4F6F-A2CC-9DE9AD39B4FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1B388C7-ED4E-4416-969F-32263E7D7AA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63D36984-4C8E-4CDB-8D15-445705FCECF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B324AE6-ADD8-41B9-B250-A6577ACBB364\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6487058-6768-4AD3-BE27-A0B3D1ACFC08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CFF0538-B111-44A8-ADC2-87E280186257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3343FF8-53EC-459D-B31C-CD363D04FF42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B637E9-067A-4473-9B50-433CCC177982\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99A5BF6D-631B-4C8E-9868-579BD79100C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"280B9958-9163-4126-910A-2EF4B408DFCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A40373B-301E-4B81-8FA5-28D916142F59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79BB3174-7859-4195-B7B3-BCAA280A6F80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42EF41AF-B2FA-468A-B161-D9FE29CE53EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48DF0100-F98E-4997-A8F7-DC07FA4A06D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECDC5647-8EA7-4595-88C2-541BC489ED2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB571E66-C1B2-4FFD-8265-FB381CF4ACE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C49F25DA-CD52-49A9-B5BE-63FD399A9813\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29C40BAC-6DF3-4EA2-A65A-86462DDD8723\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B4797F9-82E9-4BA8-868D-C6F18BA01DE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E885D945-FB55-47F4-AA6B-462AFBDAD750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"48BD4296-E83B-4563-9A39-70C95EEAA337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63D8C0A-D93E-4A1F-A8F8-D22314771AD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B754401-8503-4553-853F-4F6BCD2D2FF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"019C26C7-EF1F-45BB-934E-521E2E64452E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A18691A7-E4D0-48A4-81A7-89846E991AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C06EBD9-381E-4018-BFDC-E23EA18097B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D134048-B64F-45AE-B4A2-26E516CCF37B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F39B83A-C10B-4B88-9491-2FB8B07D6EA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64A4030E-F51F-4944-BCE7-E27CD32EC7D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC1F046-DAF7-4734-9F80-A3C57857AF18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61EE8536-0E8D-477A-B8EA-817CE21D516A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"483D0F44-15C8-43A2-B3AE-331F40DA1A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD33E383-2772-4F79-A2C9-4F9EB8FBC8EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D82BAD-B2AE-49FB-AF71-393631D2B29C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D2541CE-0462-46DF-BDD8-C19D6E45140B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1763E8EB-F943-4A9A-8E19-E6BE9F847DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E20213-67BB-4A16-B961-502BA4E54A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C71C2E3-C134-45B0-BDDC-FFE7612AB1EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CE31960-7C68-42F3-B215-B30A87DB67CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3838B8E-8F0E-4F7A-88E6-FFF2590E5302\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D6C6214-7946-4025-84E6-59448CFE75B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58182835-CB1F-4490-AE65-90601DBFD0D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04AE04CD-E923-4630-9BAA-5A4D5A5D0055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2517FB1C-B732-432B-9F27-EE60F6556433\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3835\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/97406\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038177\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1445\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1451\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1462\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1470\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1596\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3093\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2927\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3835\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/97406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1470\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2927\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.