The django.utils.http.is_safe_url function in Django 1.4 prior to 1.4.13, 1.5 prior to 1.5.8, 1.6 prior to 1.6.5, and 1.7 prior to 1.7b4 does not properly validate URLs, which allows remote malicious users to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
Vulnerable Product |
---|
canonical ubuntu linux 13.10 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 10.04 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 12.10 |
djangoproject django 1.4.2 |
djangoproject django 1.4.4 |
djangoproject django 1.4.1 |
djangoproject django 1.4.10 |
djangoproject django 1.4.7 |
djangoproject django 1.4.8 |
djangoproject django 1.4.11 |
djangoproject django 1.4.12 |
djangoproject django 1.4.9 |
djangoproject django 1.4 |
djangoproject django 1.4.5 |
djangoproject django 1.4.6 |
djangoproject django 1.7 |
opensuse opensuse 13.1 |
opensuse opensuse 12.3 |
djangoproject django 1.6 |
djangoproject django 1.6.2 |
djangoproject django 1.6.3 |
djangoproject django 1.6.4 |
djangoproject django 1.6.1 |
debian debian linux 8.0 |
debian debian linux 7.0 |
djangoproject django 1.5.1 |
djangoproject django 1.5.2 |
djangoproject django 1.5.6 |
djangoproject django 1.5.5 |
djangoproject django 1.5 |
djangoproject django 1.5.7 |
djangoproject django 1.5.3 |
djangoproject django 1.5.4 |