CVE-2017-7233

Description

Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely django.utils.http.is_safe_url()) considered some numeric URLs safe when they shouldn't be, i.e. an open redirect vulnerability. Also, if a developer relies on is_safe_url() to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
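The root cause is worth seeing in code. At the time, urllib's urlsplit() applied a heuristic that treated "name:digits" as host:port rather than scheme:path, so a value such as http:999999999 (the example given in Django's own release notes) parsed with an empty scheme and an empty netloc and looked like a harmless relative path, while browsers treat it as an absolute URL to a numeric host. Django's fix replaced that parser with a copy that drops the heuristic. The block below is an added example written for this page, not Django's own code: it reconstructs the affected release's check with both scheme splitters so the bug reproduces on any Python version, and `example.com` is an assumed application host.

```python
import unicodedata

# Characters permitted in a URL scheme (RFC 3986); the same set urllib uses.
SCHEME_CHARS = ("abcdefghijklmnopqrstuvwxyz"
                "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "0123456789+-.")


def _split_scheme_legacy(url):
    """Scheme split with the port-number heuristic urllib's urlsplit() applied
    at the time of CVE-2017-7233 (since removed from CPython): if everything
    after the first ':' is digits, the text before it is assumed to be a
    hostname, not a scheme. 'http:999999999' therefore yields NO scheme and
    the whole string as a path (this is the bug being reconstructed)."""
    i = url.find(":")
    if i > 0 and all(c in SCHEME_CHARS for c in url[:i]):
        rest = url[i + 1:]
        if rest and all(c in "0123456789" for c in rest):
            return "", url  # 'http' silently demoted to path text
        return url[:i].lower(), rest
    return "", url


def _split_scheme_fixed(url):
    """Scheme split without the heuristic: any run of scheme characters before
    the first ':' is the scheme, whether or not digits follow it."""
    i = url.find(":")
    if i > 0 and all(c in SCHEME_CHARS for c in url[:i]):
        return url[:i].lower(), url[i + 1:]
    return "", url


def _parse(url, split_scheme):
    """Return (scheme, netloc, remainder). The netloc is the text between a
    leading '//' and the next '/', '?' or '#'."""
    scheme, rest = split_scheme(url)
    netloc = ""
    if rest.startswith("//"):
        end = len(rest)
        for delim in "/?#":
            j = rest.find(delim, 2)
            if j != -1:
                end = min(end, j)
        netloc, rest = rest[2:end], rest[end:]
    return scheme, netloc, rest


def _is_safe_url(url, host, split_scheme):
    # Chrome treats any URL with three leading slashes as absolute.
    if url.startswith("///"):
        return False
    scheme, netloc, _ = _parse(url, split_scheme)
    # A scheme with no host (http:///evil.example, or http:999999999 once it
    # is parsed correctly) is taken by browsers as a foreign host: reject it.
    if scheme and not netloc:
        return False
    # Browsers ignore leading control characters, which can turn a seemingly
    # relative URL into a scheme-relative one.
    if unicodedata.category(url[0])[0] == "C":
        return False
    return (not netloc or netloc == host) and (not scheme or scheme in ("http", "https"))


def _check(url, host, split_scheme):
    if url is not None:
        url = url.strip()
    if not url:
        return False
    # Chrome treats '\' as '/' in paths, so both spellings must pass.
    return bool(_is_safe_url(url, host, split_scheme)
                and _is_safe_url(url.replace("\\", "/"), host, split_scheme))


def is_safe_url_vulnerable(url, host):
    """Reconstructed behaviour of the affected Django releases."""
    return _check(url, host, _split_scheme_legacy)


def is_safe_url_fixed(url, host):
    """Behaviour with the heuristic removed, as in the fixed releases."""
    return _check(url, host, _split_scheme_fixed)


if __name__ == "__main__":
    for candidate in ("http:999999999", "/accounts/profile/", "//evil.example/"):
        print(candidate,
              "vulnerable:", is_safe_url_vulnerable(candidate, "example.com"),
              "fixed:", is_safe_url_fixed(candidate, "example.com"))
```

With the legacy splitter, http:999999999 is accepted as a relative path; with the fixed splitter it is a scheme without a host and is rejected, while ordinary relative paths and same-host absolute URLs still pass. The practical check is simply which Django release is installed: anything below 1.8.18, 1.9.13 or 1.10.7 carries the old parser.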

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.594

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2017-7233,CVE-2017-7234 are fixed in Python-django 1.10.7 | Windows
Vulnerabilities CVE-2017-7233,CVE-2017-7234 are fixed in Python-django 1.8.18 | Windows
Vulnerabilities CVE-2017-7233,CVE-2017-7234 are fixed in Python-django 1.9.13 | Windows
High-level Python web development framework (USN-3254-1) python-django_1.8.7-1ubuntu5.5_all.deb | Linux
High-level Python web development framework (USN-3254-1) python-django_1.8.7-1ubuntu8.2_all.deb | Linux
High-level Python web development framework (USN-3254-1) python-django_1.3.1-4ubuntu1.23_all.deb | Linux
High-level Python web development framework (USN-3254-1) python-django_1.6.11-0ubuntu1.1_all.deb | Linux
High-level Python web development framework (USN-3254-1) python3-django_1.8.7-1ubuntu5.5_all.deb | Linux
High-level Python web development framework (USN-3254-1) python3-django_1.8.7-1ubuntu8.2_all.deb | Linux
Vulnerabilities CVE-2017-7233,CVE-2017-7234 are fixed in Python-django for linux 1.10.7 | Linux
Vulnerabilities CVE-2017-7233,CVE-2017-7234 are fixed in Python-django for linux 1.8.18 | Linux
Vulnerabilities CVE-2017-7233,CVE-2017-7234 are fixed in Python-django for linux 1.9.13 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2017-7233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233