Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-7234

A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.

Related bugs and status

CVE-2017-7234 (Candidate) is related to these bugs:

Bug #1679820: Django security issues, new releases 1.10.7, 1.9.13, 1.8.18

		In	Importance	Status
1679820	Django security issues, new releases 1.10.7, 1.9.13, 1.8.18	Mirantis OpenStack	Critical	Won't Fix
1679820	Django security issues, new releases 1.10.7, 1.9.13, 1.8.18	Mirantis OpenStack 9.x	Critical	Fix Released
1679820	Django security issues, new releases 1.10.7, 1.9.13, 1.8.18	Mirantis OpenStack 8.0.x	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://www.djangoproj...
BID: 97401
SECTRACK: 1038177
DEBIAN: DSA-3835