VDB

GCVE-VVD-MAGEIA-2017-106

GCVE-VVD-MAGEIA-2017-106
Advisory Published
Vulnetix · Advisory published November 7, 2017
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233) Phithon Gong discovered that Django incorrectly handled certain URLs when the jango.views.static.serve() view is being used. A remote attacker could possibly use a Django server as an open redirect. (CVE-2017-7234)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiapsi0 (affected), 1.3-1.1.mga6 (unaffected)
Mageiapython-django0 (affected), 1.8.16-1.1.mga5 (unaffected), 0 (affected), 1.8.16-1.1.mga5 (unaffected)

Aliases

CVE-2017-7234CVE-2017-7233

Transitive aliases

VVD-GENTOO-2016-598770GHSA-h4hv-m4h4-mhwgEUVD-2017-0024GHSA-mv8g-fhh6-6267GHSA-3f2c-jm6v-cr35EUVD-2016-0007CVE-2016-9014EUVD-2016-0006VVD-MAGEIA-2016-368EUVD-2017-0026CVE-2016-9013GHSA-37hp-765x-j95x

References

Updated python-django packages fix security vulnerability
advisory
Updated python-django packages fix security vulnerability
issue
Updated python-django packages fix security vulnerability
issue
Updated python-django packages fix security vulnerability
advisory
Updated psi packages fix Qt upgrade & several bugs
advisory
Updated psi packages fix Qt upgrade & several bugs
issue
Updated psi packages fix Qt upgrade & several bugs
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›