{"id":"CVE-2017-7234","details":"A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.","aliases":["GHSA-h4hv-m4h4-mhwg","PYSEC-2017-10"],"modified":"2026-03-20T11:20:46.873584Z","published":"2017-04-04T17:59:00.303Z","related":["MGASA-2017-0106","SUSE-SU-2018:0973-1","SUSE-SU-2018:1102-1","openSUSE-SU-2018:0632-1","openSUSE-SU-2023:0077-1","openSUSE-SU-2024:11205-1","openSUSE-SU-2024:13887-1","openSUSE-SU-2024:14208-1","openSUSE-SU-2026:10005-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1038177"},{"type":"ADVISORY","url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3835"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97401"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/django/django","events":[{"introduced":"0"},{"last_affected":"e3c9412d86c3c394e2604e63f3b51c102ae3e3d7"},{"introduced":"0"},{"last_affected":"449d1effb81152e54f482784cf7febe965007096"},{"introduced":"0"},{"last_affected":"4217f1cdeb070707e54fec8221b9e63e3957ef38"},{"introduced":"0"},{"last_affected":"acc3c1df8474f424b2f179bac03d0e9a6bc9aba0"},{"introduced":"0"},{"last_affected":"b35adb0909b25a7dafc9212ddedfbf9b29dc05b8"},{"introduced":"0"},{"last_affected":"80b7e9d09f2d23209b591288f9b2cf3eb3d927c8"},{"introduced":"0"},{"last_affected":"8dd33d429892fc06cc9aa655012491f029f5f491"},{"introduced":"0"},{"last_affected":"a1f5bafac51f973cc7219d3b7c96587fe7066920"},{"introduced":"0"},{"last_affected":"c982190acf7bcfba5e78a7505a45774916865569"},{"introduced":"0"},{"last_affected":"ef08d8cf9e0d1ca62c6c291575d9e306cb09afcb"},{"introduced":"0"},{"last_affected":"a98e00f06834e5fdc945c2aca2c3498efb06ac7d"},{"introduced":"0"},{"last_affected":"c168aeba175dbb92c615460a360cb1ea978de5d3"},{"introduced":"0"},{"last_affected":"4022b2c306e88a4ab7f80507e736ce7ac7d01186"},{"introduced":"0"},{"last_affected":"9fbdc48c493f43961173bab8f23d633ab41a9608"},{"introduced":"0"},{"last_affected":"25e416ca0f3ea6035c8d797dcc9604bc32202268"},{"introduced":"0"},{"last_affected":"aa10ba096169dcbd3e47303f6b6de59acfe883c1"},{"introduced":"0"},{"last_affected":"d3d12fc11da56e4ea8af37a22a9a0aa6579ab2d5"},{"introduced":"0"},{"last_affected":"3df8ccf6fc3fa0ab2acf9a03da43fea87f8ff392"},{"introduced":"0"},{"last_affected":"e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd"},{"introduced":"0"},{"last_affected":"e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd"},{"introduced":"0"},{"last_affected":"82533e31c2525d9b1a77fc804330e925e8f109f0"},{"introduced":"0"},{"last_affected":"56b3416939ca921cac54b6c79e1b445cbff34098"},{"introduced":"0"},{"last_affected":"e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd"},{"introduced":"0"},{"last_affected":"c00335997744196738368f46c30ef2eeaa0ac849"},{"introduced":"0"},{"last_affected":"37935743edbf60201adb1b53b56b8cafa754c69a"},{"introduced":"0"},{"last_affected":"dafddb6b8c0eb778072bec1ccd536bafad0eb936"},{"introduced":"0"},{"last_affected":"b29316c54bb3465265ff931e807229f13349457d"},{"introduced":"0"},{"last_affected":"6e749c21e77dc74af068c8e943a6e6850ae0bb24"},{"introduced":"0"},{"last_affected":"8a2a3a63b83375d9322c077b6356007e0bef5939"},{"introduced":"0"},{"last_affected":"2234d1f08d079a3e4be4f1a89847dc294a4a5c1a"},{"introduced":"0"},{"last_affected":"e8bb7464c562388da48bca04c5996fe16a0c3619"},{"introduced":"0"},{"last_affected":"f49602ad46b447c5a27d47b0e89b3440109211a4"},{"introduced":"0"},{"last_affected":"52db0d5742777a77717df5b1e85d056910a2515d"},{"introduced":"0"},{"last_affected":"448fcd66e6ffce0d000d38a07e6d61823fa14107"},{"introduced":"0"},{"last_affected":"bd97496d07466f3a940e2fcc114b540ca01cd340"},{"introduced":"0"},{"last_affected":"e99ebfcc140a5f794e259994f9252cb440459143"},{"introduced":"0"},{"last_affected":"46b40274dd44921f72a59771ecb3d2b2c7b3aa0b"},{"introduced":"0"},{"last_affected":"4c047e90b62529681dc691bc935036108d6b0324"},{"introduced":"0"},{"last_affected":"6157cd6da1b27716e8f3d1ed692a6e33d970ae46"},{"introduced":"0"},{"last_affected":"320ec4ed27c254a87e09a70601b1b27ae0a0456e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.2"},{"introduced":"0"},{"last_affected":"1.8.3"},{"introduced":"0"},{"last_affected":"1.8.4"},{"introduced":"0"},{"last_affected":"1.8.5"},{"introduced":"0"},{"last_affected":"1.8.6"},{"introduced":"0"},{"last_affected":"1.8.7"},{"introduced":"0"},{"last_affected":"1.8.8"},{"introduced":"0"},{"last_affected":"1.8.9"},{"introduced":"0"},{"last_affected":"1.8.10"},{"introduced":"0"},{"last_affected":"1.8.11"},{"introduced":"0"},{"last_affected":"1.8.12"},{"introduced":"0"},{"last_affected":"1.8.13"},{"introduced":"0"},{"last_affected":"1.8.14"},{"introduced":"0"},{"last_affected":"1.8.15"},{"introduced":"0"},{"last_affected":"1.8.16"},{"introduced":"0"},{"last_affected":"1.8.17"},{"introduced":"0"},{"last_affected":"1.9"},{"introduced":"0"},{"last_affected":"1.9-a1"},{"introduced":"0"},{"last_affected":"1.9-b1"},{"introduced":"0"},{"last_affected":"1.9-rc1"},{"introduced":"0"},{"last_affected":"1.9-rc2"},{"introduced":"0"},{"last_affected":"1.9.1"},{"introduced":"0"},{"last_affected":"1.9.2"},{"introduced":"0"},{"last_affected":"1.9.3"},{"introduced":"0"},{"last_affected":"1.9.4"},{"introduced":"0"},{"last_affected":"1.9.5"},{"introduced":"0"},{"last_affected":"1.9.6"},{"introduced":"0"},{"last_affected":"1.9.7"},{"introduced":"0"},{"last_affected":"1.9.8"},{"introduced":"0"},{"last_affected":"1.9.9"},{"introduced":"0"},{"last_affected":"1.9.10"},{"introduced":"0"},{"last_affected":"1.9.11"},{"introduced":"0"},{"last_affected":"1.9.12"},{"introduced":"0"},{"last_affected":"1.10.1"},{"introduced":"0"},{"last_affected":"1.10.2"},{"introduced":"0"},{"last_affected":"1.10.3"},{"introduced":"0"},{"last_affected":"1.10.4"},{"introduced":"0"},{"last_affected":"1.10.5"},{"introduced":"0"},{"last_affected":"1.10.6"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-a1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-b1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-b2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-c1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0-a1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0-b1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0-rc1"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7234.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}