Vulnerability Details : CVE-2017-7233
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
Vulnerability category: Cross site scripting (XSS); Open redirect
Products affected by CVE-2017-7233
- cpe:2.3:a:djangoproject:django:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.0:a1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.0:b1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.0:b2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.0:c1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.12:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9:rc2:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.0:a1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.10.0:b1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9:a1:*:*:*:*:*:*
- cpe:2.3:a:djangoproject:django:1.9:b1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7233
- EPSS score: 0.85% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~73% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-7233
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST | |
| 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2017-7233
- The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7233
- https://access.redhat.com/errata/RHSA-2017:1596 (RHSA-2017:1596 - Security Advisory - Red Hat Customer Portal)
- https://access.redhat.com/errata/RHSA-2017:1445 (RHSA-2017:1445 - Security Advisory - Red Hat Customer Portal)
- https://access.redhat.com/errata/RHSA-2017:3093 (RHSA-2017:3093 - Security Advisory - Red Hat Customer Portal)
- https://access.redhat.com/errata/RHSA-2018:2927 (RHSA-2018:2927 - Security Advisory - Red Hat Customer Portal)
- https://www.djangoproject.com/weblog/2017/apr/04/security-releases/ (Django security releases issued: 1.10.7, 1.9.13, and 1.8.18 | Weblog | Django; Vendor Advisory)
- http://www.debian.org/security/2017/dsa-3835 (Debian -- Security Information -- DSA-3835-1 python-django)
- http://www.securityfocus.com/bid/97406 (Django 'django.contrib.auth.views.login()' Function Open Redirection Vulnerability; Third Party Advisory; VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:1462 (RHSA-2017:1462 - Security Advisory - Red Hat Customer Portal)
- https://access.redhat.com/errata/RHSA-2017:1470 (RHSA-2017:1470 - Security Advisory - Red Hat Customer Portal)
- http://www.securitytracker.com/id/1038177 (Django Input Validation Flaws Let Remote Users Conduct Cross-Site Scripting and Open Redirect Attacks - SecurityTracker)
- https://access.redhat.com/errata/RHSA-2017:1451 (RHSA-2017:1451 - Security Advisory - Red Hat Customer Portal)