CVE-2018-14574 Information

Description

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/104970 http://www.securitytracker.com/id/1041403 https://access.redhat.com/errata/RHSA-2019:0265 https://usn.ubuntu.com/3726-1/ https://www.debian.org/security/2018/dsa-4264 https://www.djangoproject.com/weblog/2018/aug/01/security-releases/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1