GMS-2013-18: Possible XSS via is_safe_url

August 13, 2013

The is_safe_url() function, due to the manner in which it parses the URL, will permit redirects to schemes other than HTTP and HTTPS such as javascript:.

References

www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/

Code Behaviors & Features

Detect and mitigate GMS-2013-18 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →