Security Advisory

CVE-2014-3730

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-05-16 15:00:00
Last updated 2024-08-06 10:50:18
Assigner debian
State PUBLISHED

Description

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:djangoproject.com."