[3.7] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)ID: oval:org.secpod.oval:def:1801108 | Date: (C)2018-08-08 (M)2022-02-07 |
Class: PATCH | Family: unix |
If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash , then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks. Fixed In Version:¶ Django 1.11.15 and Django 2.0.8
Platform: |
Alpine Linux 3.7 |