ID CVE-2018-14574
Summary django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
Vulnerable Configurations
Base: None
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-875.NASL
    description This update for python-Django1 to version 1.11.15 fixes the following issues:
      The following security vulnerability was fixed:
      - CVE-2018-14574: Fixed an open redirect possibility in CommonMiddleware (boo#1102680)
      The following other bugs were fixed:
      - Fixed WKBWriter.write() and write_hex() for empty polygons on GEOS 3.6.1+
      - Fixed a regression where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary
      - Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed
      - Fixed a regression where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
    last seen 2018-08-18
    modified 2018-08-17
    plugin id 111810
    published 2018-08-17
    reporter Tenable
    title openSUSE Security Update : python-Django1 (openSUSE-2018-875)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3726-1.NASL
    description Andreas Hug discovered that Django contained an open redirect in CommonMiddleware. A remote attacker could possibly use this issue to perform phishing attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-02
    modified 2018-08-02
    plugin id 111511
    published 2018-08-02
    reporter Tenable
    title Ubuntu 18.04 LTS : python-django vulnerability (USN-3726-1)
  • NASL family Debian Local Security Checks
    description Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.
    last seen 2018-08-10
    modified 2018-08-06
    plugin id 111537
    published 2018-08-06
    reporter Tenable
    title Debian DSA-4264-1 : python-django - security update
refmap via4
bid 104970
debian DSA-4264
sectrack 1041403
ubuntu USN-3726-1
Last major update 07-08-2018 - 21:29
Published 03-08-2018 - 13:29
Last modified 07-08-2018 - 21:29