CVSSv3: 6.1

CVE-2018-14574

Published: 03/08/2018 Updated: 01/03/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 520
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

django.middleware.common.CommonMiddleware in Django 1.11.x prior to 1.11.15 and 2.0.x prior to 2.0.8 has an Open Redirect.

Vulnerable Products

djangoproject django

debian debian linux 9.0

canonical ubuntu linux 18.04

Vendor Advisories

Synopsis Moderate: Red Hat Gluster Storage Web Administration security update Type/Severity Security Advisory: Moderate Topic Updated packages are now available for Red Hat Gluster Storage 3.4 Web Administration Batch Update 3 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as h ...
Django could be used as an open redirect ...
Debian Bug report logs - #874415 python-django: CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> D ...
Debian Bug report logs - #905216 python-django: CVE-2018-14574: Open redirect possibility in CommonMiddleware Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 1 Aug ...
Debian Bug report logs - #918230 python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, ...
When using the django.middleware.common.CommonMiddleware class with the APPEND_SLASH setting enabled, Django projects which accept paths ending in a slash may be vulnerable to an unvalidated HTTP redirect ...
If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and o ...