The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
Fixed is_safe_url() to reject URLs that use a scheme other than HTTP/S.
This is a security fix; disclosure to follow shortly.
by
Kristine the Pool Frog 2013-08-13 16:00:13 UTC
commit ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a
Django
Fix
CVE-2013-6044
VCC
URL Is Not Safe CVE-2014-3730
VCC
URL Not Validated CVE-2015-2317
django/contrib/auth/tests/views.py
+2
-6
django/utils/http.py
+3
-4
expand_less
The Vulnerability History Project