The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
Added additional checks in is_safe_url to account for flexible parsing.
This is a security fix. Disclosure following shortly.
by
Jerome the Yellow Eyed Penguin 2014-05-12 11:38:39 UTC
commit 255449c1ee61c14778658caae8c430fa4d76afd6
Django
VCC
URL Not Validated CVE-2015-2317
VCC
CVE-2016-2512
VCC
Unsafe-URLS's CVE-2017-7233
django/contrib/auth/tests/test_views.py
+4
-8
django/utils/http.py
-12
tests/utils_tests/test_http.py
-30
expand_less
The Vulnerability History Project