CVE-2014-3730
CVSS base score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
The django.utils.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
Affected (43)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 10.04 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 1.4.10 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 1.7 beta1 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 1.6.1 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 7.0 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 1.5.1 |