
python-django: open redirect attacks

Package(s): python-django
CVE #(s): CVE-2014-3730
Created: May 20, 2014
Updated: May 27, 2014
Description: From the CVE entry:

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."

Alerts:
openSUSE openSUSE-SU-2014:1132-1 python-django 2014-09-16
Mandriva MDVSA-2014:113 python-django 2014-06-10
Fedora FEDORA-2014-6440 python-django15 2014-05-26
Fedora FEDORA-2014-6442 python-django14 2014-05-26
Fedora FEDORA-2014-6454 python-django 2014-05-26
Fedora FEDORA-2014-6449 python-django 2014-05-26
Mageia MGASA-2014-0231 python-django 2014-05-19
Debian DSA-2934-1 python-django 2014-05-19
Mandriva MDVSA-2014:112 python-django 2014-06-10


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds