Description

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."

Remediation

References

CVE-2014-3730

Related Vulnerabilities

Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2021-33327)

Oracle Application Server Other Vulnerability (CVE-2004-1370)

Moodle Incorrect Authorization Vulnerability (CVE-2020-25701)

WordPress Plugin PICA Photo Gallery 'picaPhotosResize.php' Arbitrary File Upload (1.0)

Joomla Other Vulnerability (CVE-2005-4650)

Severity

Medium

Classification

CVE-2014-3730 CWE-20

Tags

Missing Update Known Vulnerabilities