Search for packages
Package details: pkg:pypi/django@1.11a0
purl pkg:pypi/django@1.11a0
Tags Ghost
Next non-vulnerable version 4.2.22
Latest non-vulnerable version 5.2.2
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-mc9t-adza-aaak
Aliases:
CVE-2017-7233
GHSA-37hp-765x-j95x
PYSEC-2017-9
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
1.11
Affected by 21 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-17T22:26:41.513434+00:00 GitLab Importer Affected by VCID-mc9t-adza-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2017-7233.yml 34.0.1
2024-01-03T17:52:40.313091+00:00 GitLab Importer Affected by VCID-mc9t-adza-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2017-7233.yml 34.0.0rc1