CVE-2017-7233 Information
Description
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
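The mechanism behind the "numeric URL" wording: the affected Django releases handed the candidate URL to the standard library's urlsplit(), and the Python versions of the time had a special case that treated "scheme:digits" (e.g. http:999999999, the form cited in Django's release announcement) as a host:port pair, so no scheme was split off and the value parsed as a bare relative path with no scheme and no host, which the safety check then accepted. A browser reads the same string as an absolute URL whose host is a decimal number, i.e. an IPv4 address, so the user is sent off-site; by the same parsing quirk a javascript: URL followed only by digits also passed the check, which is the XSS angle the description mentions. The following is an added, constructed example and not Django's code: it models the legacy scheme detection in a small parser (current CPython releases no longer have the port-number special case, so calling urllib.parse directly would not reproduce it), places a pre-fix-style check beside a hardened one, and shows the host a WHATWG-style browser parser derives from the numeric form. The function names, the host "example.com" and the sample URLs are this example's own.

```python
"""Models CVE-2017-7233: a redirect-safety check that trusts a URL parser
which fails to split the scheme off 'scheme:<digits>' inputs.

Constructed example, not Django's code. The legacy splitter reproduces the
old stdlib urlsplit() special case that treated 'http:999999999' as a bare
path (no scheme, no netloc); the fixed variant drops that special case and
additionally refuses any URL that has a scheme but no host.
"""
import ipaddress

SCHEME_CHARS = ("abcdefghijklmnopqrstuvwxyz"
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "0123456789+-.")
ALLOWED_SCHEMES = ("http", "https")


def _split_scheme_legacy(url):
    """Scheme detection as the affected stdlib versions did it: when everything
    after the first ':' is a digit string, the input is assumed to be
    'host:port' and no scheme is split off, so 'http:999999999' gets an empty
    scheme and is treated as a relative path."""
    i = url.find(":")
    if i > 0 and all(c in SCHEME_CHARS for c in url[:i]):
        rest = url[i + 1:]
        if rest and all(c in "0123456789" for c in rest):
            return "", url  # mistaken for host:port -> whole value is a path
        return url[:i].lower(), rest
    return "", url


def _split_scheme_fixed(url):
    """Same detection without the port-number special case."""
    i = url.find(":")
    if i > 0 and all(c in SCHEME_CHARS for c in url[:i]):
        return url[:i].lower(), url[i + 1:]
    return "", url


def _parse(url, split_scheme):
    """Return (scheme, netloc, rest); a netloc only exists after '//'."""
    scheme, rest = split_scheme(url)
    netloc = ""
    if rest.startswith("//"):
        rest = rest[2:]
        cut = [p for p in (rest.find(c) for c in "/?#") if p >= 0]
        end = min([len(rest)] + cut)
        netloc, rest = rest[:end], rest[end:]
    return scheme, netloc, rest


def is_safe_url_vulnerable(url, host):
    """Pre-fix style logic: accept when the URL is host-less or same-host and
    the scheme is empty or http(s). With the legacy parser, 'http:999999999'
    and 'javascript:1' both look scheme-less and host-less, so they pass."""
    if not url:
        return False
    scheme, netloc, _ = _parse(url, _split_scheme_legacy)
    return (not netloc or netloc == host) and (not scheme or scheme in ALLOWED_SCHEMES)


def is_safe_url_fixed(url, host):
    """Hardened logic: parse without the quirk, and refuse any URL that carries
    a scheme but no host, since a browser still resolves it as absolute."""
    if not url:
        return False
    scheme, netloc, _ = _parse(url, _split_scheme_fixed)
    if scheme and not netloc:
        return False
    return (not netloc or netloc == host) and (not scheme or scheme in ALLOWED_SCHEMES)


def browser_target(url):
    """Where a WHATWG-style browser parser sends 'http:<digits>': the digits
    become the host, and an all-numeric host is an IPv4 address in decimal."""
    scheme, rest = _split_scheme_fixed(url)
    host = rest.lstrip("/").split("/", 1)[0]
    if host.isdigit():
        host = str(ipaddress.IPv4Address(int(host)))
    return "%s://%s/" % (scheme or "http", host)


if __name__ == "__main__":
    host = "example.com"
    for candidate in ("/accounts/", "http://example.com/x", "http:999999999",
                      "//evil.example/", "javascript:1"):
        print("%-22s vulnerable=%-5s fixed=%s" % (
            candidate, is_safe_url_vulnerable(candidate, host),
            is_safe_url_fixed(candidate, host)))
    print("http:999999999 resolves in a browser to", browser_target("http:999999999"))
```

The check a practitioner wants from this: the vulnerable variant returns True for http:999999999 and javascript:1, the hardened one returns False for both while still accepting a relative path and a same-host absolute URL, and the numeric form lands at http://59.154.201.255/, which is not the application's host at all. The second condition in is_safe_url_fixed (scheme present, host absent) is the part worth keeping in any home-grown redirect validator, regardless of which URL parser sits underneath it.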
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.debian.org/security/2017/dsa-3835
http://www.securityfocus.com/bid/97406
http://www.securitytracker.com/id/1038177
https://access.redhat.com/errata/RHSA-2017:1445
https://access.redhat.com/errata/RHSA-2017:1451
https://access.redhat.com/errata/RHSA-2017:1462
https://access.redhat.com/errata/RHSA-2017:1470
https://access.redhat.com/errata/RHSA-2017:1596
https://access.redhat.com/errata/RHSA-2017:3093
https://access.redhat.com/errata/RHSA-2018:2927
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM