Vulnerability details: VCID-mc9t-adza-aaak
Vulnerability ID VCID-mc9t-adza-aaak
Aliases CVE-2017-7233
GHSA-37hp-765x-j95x
PYSEC-2017-9
Summary Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7233.html
rhas Moderate https://access.redhat.com/errata/RHSA-2017:1445
rhas Moderate https://access.redhat.com/errata/RHSA-2017:1451
rhas Moderate https://access.redhat.com/errata/RHSA-2017:1462
rhas Moderate https://access.redhat.com/errata/RHSA-2017:1470
rhas Moderate https://access.redhat.com/errata/RHSA-2017:1596
rhas Moderate https://access.redhat.com/errata/RHSA-2017:3093
rhas Important https://access.redhat.com/errata/RHSA-2018:2927
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7233.json
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2017-7233
epss 0.00368 https://api.first.org/data/v1/epss?cve=CVE-2017-7233
epss 0.00528 https://api.first.org/data/v1/epss?cve=CVE-2017-7233
epss 0.00747 https://api.first.org/data/v1/epss?cve=CVE-2017-7233
epss 0.00847 https://api.first.org/data/v1/epss?cve=CVE-2017-7233
epss 0.01454 https://api.first.org/data/v1/epss?cve=CVE-2017-7233
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1437234
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
cvssv2 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-37hp-765x-j95x
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 6.1 https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
generic_textual MODERATE https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
cvssv3.1 6.1 https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
generic_textual MODERATE https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
cvssv3.1 6.1 https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
generic_textual MODERATE https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7233
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2017-7233
archlinux Medium https://security.archlinux.org/AVG-233
generic_textual Medium https://ubuntu.com/security/notices/USN-3254-1
cvssv3.1 6.1 https://www.djangoproject.com/weblog/2017/apr/04/security-releases
generic_textual MODERATE https://www.djangoproject.com/weblog/2017/apr/04/security-releases
generic_textual Medium https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
cvssv3.1 6.1 http://www.debian.org/security/2017/dsa-3835
generic_textual MODERATE http://www.debian.org/security/2017/dsa-3835
cvssv3.1 6.1 http://www.securityfocus.com/bid/97406
generic_textual MODERATE http://www.securityfocus.com/bid/97406
cvssv3.1 6.1 http://www.securitytracker.com/id/1038177
generic_textual MODERATE http://www.securitytracker.com/id/1038177
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7233.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7233.json
https://api.first.org/data/v1/epss?cve=CVE-2017-7233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
https://ubuntu.com/security/notices/USN-3254-1
https://www.djangoproject.com/weblog/2017/apr/04/security-releases
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
http://www.debian.org/security/2017/dsa-3835
http://www.securityfocus.com/bid/97406
http://www.securitytracker.com/id/1038177
1437234 https://bugzilla.redhat.com/show_bug.cgi?id=1437234
859515 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859515
ASA-201704-2 https://security.archlinux.org/ASA-201704-2
AVG-233 https://security.archlinux.org/AVG-233
cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*
CVE-2017-7233 https://nvd.nist.gov/vuln/detail/CVE-2017-7233
GHSA-37hp-765x-j95x https://github.com/advisories/GHSA-37hp-765x-j95x
RHSA-2017:1445 https://access.redhat.com/errata/RHSA-2017:1445
RHSA-2017:1451 https://access.redhat.com/errata/RHSA-2017:1451
RHSA-2017:1462 https://access.redhat.com/errata/RHSA-2017:1462
RHSA-2017:1470 https://access.redhat.com/errata/RHSA-2017:1470
RHSA-2017:1596 https://access.redhat.com/errata/RHSA-2017:1596
RHSA-2017:3093 https://access.redhat.com/errata/RHSA-2017:3093
RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927
USN-3254-1 https://usn.ubuntu.com/3254-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7233.json
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-9.yaml
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7233
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7233
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.djangoproject.com/weblog/2017/apr/04/security-releases
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.debian.org/security/2017/dsa-3835
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.securityfocus.com/bid/97406
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.securitytracker.com/id/1038177
Exploit Prediction Scoring System (EPSS)
Percentile 0.72105
EPSS Score 0.00365
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.