vulnerability

SUSE: CVE-2017-7233: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	04/04/2017	03/28/2018	02/04/2022

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

04/04/2017

Added

03/28/2018

Modified

02/04/2022

Description

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.

Solution

suse-upgrade-python-django

References

SUSE-SUSE-SU-2018:0973-1
SUSE-SUSE-SU-2018:1102-1
DEBIAN-DLA-885-1
DEBIAN-DSA-3835
BID-97406
SECTRACK-1038177
REDHAT-RHSA-2017:1445
REDHAT-RHSA-2017:1451
REDHAT-RHSA-2017:1462
REDHAT-RHSA-2017:1470
REDHAT-RHSA-2017:1596
REDHAT-RHSA-2017:3093
REDHAT-RHSA-2018:2927
NVD-CVE-2017-7233
UBUNTU-USN-3254-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today