[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

[3.7] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)

ID: oval:org.secpod.oval:def:1801108Date: (C)2018-08-08   (M)2022-02-07
Class: PATCHFamily: unix




If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash , then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks. Fixed In Version:¶ Django 1.11.15 and Django 2.0.8

Platform:
Alpine Linux 3.7
Product:
py-django
Reference:
9176
CVE-2018-14574
CVE    1
CVE-2018-14574
CPE    2
cpe:/o:alpinelinux:alpine_linux:3.7
cpe:/a:djangoproject:py-django

© SecPod Technologies