Description

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."

Remediation

References

CVE-2014-3730

Related Vulnerabilities

WordPress Plugin Event Espresso 4 Decaf-Event Registration Event Ticketing Cross-Site Request Forgery (4.10.11.decaf)

WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36130)

Oracle JRE CVE-2018-2677 Vulnerability (CVE-2018-2677)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552)

Severity

Medium

Classification

CVE-2014-3730 CWE-20

Tags

Missing Update Known Vulnerabilities