Vulnerability details: VCID-wk4p-pp8w-aaag
Vulnerability ID VCID-wk4p-pp8w-aaag
Aliases CVE-2018-14574
GHSA-5hg3-6c2f-f3wr
PYSEC-2018-2
Summary django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14574.html
rhas Moderate https://access.redhat.com/errata/RHSA-2019:0265
cvssv3 4.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json
epss 0.00443 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
epss 0.00577 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
epss 0.12902 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
epss 0.14505 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
epss 0.14743 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
epss 0.162 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
epss 0.16453 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
epss 0.62081 https://api.first.org/data/v1/epss?cve=CVE-2018-14574
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1609031
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574
cvssv3 4.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-5hg3-6c2f-f3wr
cvssv3.1 6.1 https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
generic_textual MODERATE https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
cvssv3.1 6.1 https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
generic_textual MODERATE https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
cvssv3.1 6.1 https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
generic_textual MODERATE https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2018-14574
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2018-14574
archlinux Medium https://security.archlinux.org/AVG-743
generic_textual Medium https://ubuntu.com/security/notices/USN-3726-1
cvssv3.1 6.1 https://usn.ubuntu.com/3726-1
generic_textual MODERATE https://usn.ubuntu.com/3726-1
cvssv3.1 6.1 https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
generic_textual MODERATE https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
cvssv3.1 6.1 https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
generic_textual MODERATE https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
cvssv3.1 6.1 https://www.debian.org/security/2018/dsa-4264
generic_textual MODERATE https://www.debian.org/security/2018/dsa-4264
cvssv3.1 6.1 https://www.djangoproject.com/weblog/2018/aug/01/security-releases
generic_textual MODERATE https://www.djangoproject.com/weblog/2018/aug/01/security-releases
generic_textual Medium https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14574.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json
https://api.first.org/data/v1/epss?cve=CVE-2018-14574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14574
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
https://ubuntu.com/security/notices/USN-3726-1
https://usn.ubuntu.com/3726-1
https://usn.ubuntu.com/3726-1/
https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
https://www.debian.org/security/2018/dsa-4264
https://www.djangoproject.com/weblog/2018/aug/01/security-releases
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://www.securityfocus.com/bid/104970
http://www.securitytracker.com/id/1041403
1609031 https://bugzilla.redhat.com/show_bug.cgi?id=1609031
905216 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905216
ASA-201808-1 https://security.archlinux.org/ASA-201808-1
AVG-743 https://security.archlinux.org/AVG-743
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2018-14574 https://nvd.nist.gov/vuln/detail/CVE-2018-14574
GHSA-5hg3-6c2f-f3wr https://github.com/advisories/GHSA-5hg3-6c2f-f3wr
RHSA-2019:0265 https://access.redhat.com/errata/RHSA-2019:0265
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14574.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): low

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14574
Exploitability (E): not defined; Access Vector (AV): network; Access Complexity (AC): medium; Authentication (Au): none; Confidentiality Impact (C): partial; Integrity Impact (I): partial; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14574
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://usn.ubuntu.com/3726-1
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.debian.org/security/2018/dsa-4264
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.djangoproject.com/weblog/2018/aug/01/security-releases
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.75555
EPSS Score 0.00443
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.