VDB

GCVE-110-MAGEIA-2017-106

GCVE-110-MAGEIA-2017-106
Advisory Published
Vulnetix · Advisory published April 14, 2017
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233) Phithon Gong discovered that Django incorrectly handled certain URLs when the jango.views.static.serve() view is being used. A remote attacker could possibly use a Django server as an open redirect. (CVE-2017-7234)

Affected Products

VendorProductVersionsPlatforms
Mageiapsi0 (affected), 1.3-1.1.mga6 (unaffected)
Mageiapython-django0 (affected), 1.8.16-1.1.mga5 (unaffected), 0 (affected), 1.8.16-1.1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›