CVE-2017-7234 Medium Severity Vulnerability detected by WhiteSource #11
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2017-7234 - Medium Severity Vulnerability
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
path: /example-python
Library home page: https://pypi.python.org/packages/cb/97/081df31f2a3850988b92ad4464e95f9e4b257aa5a34e120bca89c260de96/Django-1.9.6-py2.py3-none-any.whl
Dependency Hierarchy:
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the
django.views.static.serve()view could redirect to any other domain, aka an open redirect vulnerability.Publish Date: 2017-04-04
URL: CVE-2017-7234
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-7234
Release Date: 2017-04-04
Fix Resolution: 1.10.7,1.9.13,1.8.18
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: