CVE-2018-14574: Django open redirect
(updated )
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
References
- access.redhat.com/errata/RHSA-2019:0265
- github.com/advisories/GHSA-5hg3-6c2f-f3wr
- github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525
- github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c
- github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
- github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2018-2.yaml
- nvd.nist.gov/vuln/detail/CVE-2018-14574
- usn.ubuntu.com/3726-1
- web.archive.org/web/20190901075632/http://www.securitytracker.com/id/1041403
- web.archive.org/web/20200227115315/http://www.securityfocus.com/bid/104970
- www.debian.org/security/2018/dsa-4264
- www.djangoproject.com/weblog/2018/aug/01/security-releases
Code Behaviors & Features
Detect and mitigate CVE-2018-14574 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →