Vulnerability details: VCID-wvz5-nmre-aaaj
Vulnerability ID VCID-wvz5-nmre-aaaj
Aliases CVE-2017-7234
GHSA-h4hv-m4h4-mhwg
PYSEC-2017-10
Summary A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7234.html
cvssv3 4.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7234.json
epss 0.00160 https://api.first.org/data/v1/epss?cve=CVE-2017-7234
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2017-7234
epss 0.00321 https://api.first.org/data/v1/epss?cve=CVE-2017-7234
epss 0.00343 https://api.first.org/data/v1/epss?cve=CVE-2017-7234
epss 0.00414 https://api.first.org/data/v1/epss?cve=CVE-2017-7234
epss 0.00417 https://api.first.org/data/v1/epss?cve=CVE-2017-7234
epss 0.00422 https://api.first.org/data/v1/epss?cve=CVE-2017-7234
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1437236
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
cvssv2 4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h4hv-m4h4-mhwg
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 6.1 https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037
generic_textual MODERATE https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037
cvssv3.1 6.1 https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29
generic_textual MODERATE https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29
cvssv3.1 6.1 https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4
generic_textual MODERATE https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4
cvssv3.1 6.1 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml
generic_textual MODERATE https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2017-7234
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2017-7234
archlinux Medium https://security.archlinux.org/AVG-233
generic_textual Medium https://ubuntu.com/security/notices/USN-3254-1
cvssv3.1 6.1 https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177
generic_textual MODERATE https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177
cvssv3.1 6.1 https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401
generic_textual MODERATE https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401
cvssv3.1 6.1 https://www.djangoproject.com/weblog/2017/apr/04/security-releases
generic_textual MODERATE https://www.djangoproject.com/weblog/2017/apr/04/security-releases
generic_textual Medium https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
cvssv3.1 6.1 http://www.debian.org/security/2017/dsa-3835
generic_textual MODERATE http://www.debian.org/security/2017/dsa-3835
cvssv3.1 6.1 http://www.securitytracker.com/id/1038177
generic_textual MODERATE http://www.securitytracker.com/id/1038177
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7234.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7234.json
https://api.first.org/data/v1/epss?cve=CVE-2017-7234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7234
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037
https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29
https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml
https://ubuntu.com/security/notices/USN-3254-1
https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177
https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401
https://www.djangoproject.com/weblog/2017/apr/04/security-releases
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
http://www.debian.org/security/2017/dsa-3835
http://www.securityfocus.com/bid/97401
http://www.securitytracker.com/id/1038177
1437236 https://bugzilla.redhat.com/show_bug.cgi?id=1437236
859516 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859516
ASA-201704-2 https://security.archlinux.org/ASA-201704-2
AVG-233 https://security.archlinux.org/AVG-233
cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*
cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*
CVE-2017-7234 https://nvd.nist.gov/vuln/detail/CVE-2017-7234
GHSA-h4hv-m4h4-mhwg https://github.com/advisories/GHSA-h4hv-m4h4-mhwg
USN-3254-1 https://usn.ubuntu.com/3254-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7234.json
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2017-10.yaml
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7234
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7234
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20170429023907/http://www.securitytracker.com/id/1038177
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20170526042328/http://www.securityfocus.com/bid/97401
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.djangoproject.com/weblog/2017/apr/04/security-releases
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.debian.org/security/2017/dsa-3835
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.securitytracker.com/id/1038177
Exploit Prediction Scoring System (EPSS)
Percentile 0.53217
EPSS Score 0.00160
Published At Nov. 1, 2024, midnight