Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-7233

EPSS 0.90% · P76
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-7233

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Django 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Django是Django软件基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django中存在开放重定向漏洞。攻击者可利用该漏洞实施跨站脚本攻击。以下版本受到影响:Django 1.10.7之前的1.10版本,1.9.13之前的1.9版本,1.8.18之前的1.9版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-7233

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-7233

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-04-04 · 20 CVEs total

CVE-2017-7305Riverbed RiOS 安全漏洞
CVE-2017-7412NixOS 权限许可和访问控制问题漏洞
CVE-2016-10229Linux kernel 安全特征问题漏洞
CVE-2014-9922Linux kernel 安全漏洞
CVE-2017-7414Horde_Crypt 操作系统命令注入漏洞
CVE-2017-7413Horde Groupware Webmail Edition 操作系统命令注入漏洞
CVE-2017-7228Xen 输入验证错误漏洞
CVE-2017-7398D-Link DIR-615 跨站请求伪造漏洞
CVE-2017-7307Riverbed RiOS 权限许可和访问控制问题漏洞
CVE-2017-7306Riverbed RiOS 信任管理问题漏洞
CVE-2016-3740福昕Reader 缓冲区错误漏洞
CVE-2017-5670Riverbed RiOS 安全漏洞
CVE-2016-10318Linux kernel 安全漏洞
CVE-2017-7418ProFTPD 安全漏洞
CVE-2017-7234Django 安全漏洞
CVE-2017-0360Tryton 安全漏洞
CVE-2015-1612OpenDaylight OpenFlow插件安全漏洞
CVE-2015-1611OpenDaylight OpenFlow插件安全漏洞
CVE-2016-5870Linux kernel 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-7233

No comments yet

Leave a comment