Django 'is_safe_url()' Function URI Redirection Vulnerability

Bugtraq ID: 67410
Class: Input Validation Error
CVE: CVE-2014-3730
Remote: Yes
Local: No
Published: May 15 2014 12:00AM
Updated: Apr 13 2015 09:54PM
Credit: Peter Kuma and Gavin Wahl
Vulnerable:
    Mandriva Business Server 1 X86 64
    Mandriva Business Server 1
    MandrakeSoft Enterprise Server 5 x86_64
    MandrakeSoft Enterprise Server 5
    IBM SmartCloud Provisioning 2.3 FixPack 1
    Djangoproject Django 1.6.3
    Djangoproject Django 1.6.2
    Djangoproject Django 1.5.6
    Djangoproject Django 1.5.5
    Djangoproject Django 1.4.11
    Djangoproject Django 1.4.10
    Djangoproject Django 1.7 beta 3
    Djangoproject Django 1.7 beta 2
    Djangoproject Django 1.7 beta
    Djangoproject Django 1.6.4
    Djangoproject Django 1.6.1
    Djangoproject Django 1.5.7
    Djangoproject Django 1.5.4
    Djangoproject Django 1.5.2
    Djangoproject Django 1.5.1
    Djangoproject Django 1.4.9
    Djangoproject Django 1.4.8
    Djangoproject Django 1.4.6
    Djangoproject Django 1.4.5
    Djangoproject Django 1.4.4
    Djangoproject Django 1.4.12
    Djangoproject Django 1.4.1
    Debian Linux 6.0 sparc
    Debian Linux 6.0 s/390
    Debian Linux 6.0 powerpc
    Debian Linux 6.0 mips
    Debian Linux 6.0 ia-64
    Debian Linux 6.0 ia-32
    Debian Linux 6.0 arm
    Debian Linux 6.0 amd64
Not Vulnerable:
    Djangoproject Django 1.7 beta 4
    Djangoproject Django 1.6.5
    Djangoproject Django 1.5.8
    Djangoproject Django 1.4.13


 

Copyright 2010, SecurityFocus