Description
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
Remediation
References
Related Vulnerabilities
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.20)
WordPress Plugin WooCommerce Security Bypass (5.6.0)
Oracle Database Server CVE-2009-1991 Vulnerability (CVE-2009-1991)
WordPress Plugin Modula Image Gallery Cross-Site Scripting (2.2.4)
WordPress Plugin Recart-The New GhostMonitor Unspecified Vulnerability (1.5.0)