Vulnerability Details CVE-2017-7234
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 5.8
References
- http://www.debian.org/security/2017/dsa-3835
- http://www.securityfocus.com/bid/97401
- http://www.securitytracker.com/id/1038177
- https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
- http://www.debian.org/security/2017/dsa-3835
- http://www.securityfocus.com/bid/97401
- http://www.securitytracker.com/id/1038177
- https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
Products affected by CVE-2017-7234
-
cpe:2.3:a:djangoproject:django:1.10.0
-
cpe:2.3:a:djangoproject:django:1.10.1
-
cpe:2.3:a:djangoproject:django:1.10.2
-
cpe:2.3:a:djangoproject:django:1.10.3
-
cpe:2.3:a:djangoproject:django:1.10.4
-
cpe:2.3:a:djangoproject:django:1.10.5
-
cpe:2.3:a:djangoproject:django:1.10.6
-
cpe:2.3:a:djangoproject:django:1.8.0
-
cpe:2.3:a:djangoproject:django:1.8.1
-
cpe:2.3:a:djangoproject:django:1.8.10
-
cpe:2.3:a:djangoproject:django:1.8.11
-
cpe:2.3:a:djangoproject:django:1.8.12
-
cpe:2.3:a:djangoproject:django:1.8.13
-
cpe:2.3:a:djangoproject:django:1.8.14
-
cpe:2.3:a:djangoproject:django:1.8.15
-
cpe:2.3:a:djangoproject:django:1.8.16
-
cpe:2.3:a:djangoproject:django:1.8.17
-
cpe:2.3:a:djangoproject:django:1.8.2
-
cpe:2.3:a:djangoproject:django:1.8.3
-
cpe:2.3:a:djangoproject:django:1.8.4
-
cpe:2.3:a:djangoproject:django:1.8.5
-
cpe:2.3:a:djangoproject:django:1.8.6
-
cpe:2.3:a:djangoproject:django:1.8.7
-
cpe:2.3:a:djangoproject:django:1.8.8
-
cpe:2.3:a:djangoproject:django:1.8.9
-
cpe:2.3:a:djangoproject:django:1.9
-
cpe:2.3:a:djangoproject:django:1.9.1
-
cpe:2.3:a:djangoproject:django:1.9.10
-
cpe:2.3:a:djangoproject:django:1.9.11
-
cpe:2.3:a:djangoproject:django:1.9.12
-
cpe:2.3:a:djangoproject:django:1.9.2
-
cpe:2.3:a:djangoproject:django:1.9.3
-
cpe:2.3:a:djangoproject:django:1.9.4
-
cpe:2.3:a:djangoproject:django:1.9.5
-
cpe:2.3:a:djangoproject:django:1.9.6
-
cpe:2.3:a:djangoproject:django:1.9.7
-
cpe:2.3:a:djangoproject:django:1.9.8
-
cpe:2.3:a:djangoproject:django:1.9.9