Description
The django.utils.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespace, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.
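The root cause is a disagreement between the server-side parser and the browser: a URL that starts with a newline fails the scheme grammar on the server, so it is classified as a relative path and accepted, while the browser strips the leading whitespace and executes the `javascript:` scheme. The following is an added, constructed illustration of that flaw class and of a hardened redirect-target check; it is not Django's own code, and `naive_is_safe_url`, `hardened_is_safe_url`, `safe_redirect_target` and the sample host `example.com` are all names and values assumed here for the example.

```python
"""Constructed stand-ins for a redirect-target check (not Django's code).

naive_is_safe_url reproduces the leading-whitespace flaw; hardened_is_safe_url
rejects leading whitespace/control characters and a few related parser/browser
mismatches.
"""
import re
import unicodedata
from urllib.parse import urlsplit

# Scheme grammar in the RFC 3986 shape. A scheme must begin at the very first
# character, so a leading newline or space makes the match fail.
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")

ALLOWED_SCHEMES = ("http", "https")


def naive_is_safe_url(url, host):
    """Flawed check (constructed): a first character that is not a scheme
    character makes the URL look scheme-less, i.e. relative, so it is accepted.
    A browser drops the leading newline and sees 'javascript:' instead."""
    if not url:
        return False
    m = _SCHEME_RE.match(url)
    scheme = m.group(0)[:-1].lower() if m else ""
    if scheme and scheme not in ALLOWED_SCHEMES:
        return False
    return urlsplit(url).netloc in ("", host)


def hardened_is_safe_url(url, host):
    """Hardened check (constructed): only relative targets and same-host
    http(s) URLs pass."""
    if not url:
        return False
    # Browsers discard leading whitespace and control characters (Unicode
    # category C*) before parsing, so the parser and the browser would
    # disagree about the scheme. Reject rather than strip, so callers fail closed.
    first = url[0]
    if first.isspace() or unicodedata.category(first).startswith("C"):
        return False
    # Tabs and newlines anywhere in the URL are likewise ignored by browsers.
    if any(ch in url for ch in "\t\r\n"):
        return False
    # Browsers treat a backslash as a forward slash; normalise before parsing.
    url = url.replace("\\", "/")
    # Three or more leading slashes are read by browsers as a network-path
    # reference to whatever host follows.
    if url.startswith("///"):
        return False
    parts = urlsplit(url)
    # A scheme with no host (javascript:..., http:///evil.example) is never safe.
    if parts.scheme and not parts.netloc:
        return False
    if parts.scheme and parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    return parts.netloc in ("", host)


def safe_redirect_target(candidate, host, fallback="/"):
    """Return candidate if it passes the hardened check, otherwise fallback."""
    return candidate if hardened_is_safe_url(candidate, host) else fallback


if __name__ == "__main__":
    HOST = "example.com"  # constructed request host
    samples = [  # constructed inputs
        "/accounts/profile/",
        "https://example.com/next",
        "https://evil.example/",
        "\njavascript:alert(1)",
        " javascript:alert(1)",
        "///evil.example/",
    ]
    for url in samples:
        print(repr(url), naive_is_safe_url(url, HOST), hardened_is_safe_url(url, HOST))
```

The naive variant accepts `"\njavascript:alert(1)"` because the newline prevents the scheme from being recognised, which is the behaviour this CVE describes; the hardened variant rejects it on the first-character test before any parsing happens, and additionally closes the backslash, triple-slash and scheme-without-host cases that the same parser/browser mismatch produces.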
Remediation
References
Related Vulnerabilities
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)
Apache HTTP Server CVE-2002-0392 Vulnerability (CVE-2002-0392)
WordPress Plugin Delete Duplicate Posts Security Bypass (4.1.9.4)
MySQL CVE-2022-21370 Vulnerability (CVE-2022-21370)
Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21690)