{"id":"CVE-2017-7234","details":"A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.","aliases":["GHSA-h4hv-m4h4-mhwg","PYSEC-2017-10"],"modified":"2026-04-02T00:14:25.945777Z","published":"2017-04-04T17:59:00.303Z","related":["MGASA-2017-0106","SUSE-SU-2018:0973-1","SUSE-SU-2018:1102-1","openSUSE-SU-2018:0632-1","openSUSE-SU-2023:0077-1","openSUSE-SU-2024:11205-1","openSUSE-SU-2024:13887-1","openSUSE-SU-2024:14208-1","openSUSE-SU-2026:10005-1"],"references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1038177"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3835"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97401"},{"type":"ADVISORY","url":"https://www.djangoproject.com/weblog/2017/apr/04/security-releases/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/django/django","events":[{"introduced":"0"},{"last_affected":"e3c9412d86c3c394e2604e63f3b51c102ae3e3d7"},{"introduced":"0"},{"last_affected":"449d1effb81152e54f482784cf7febe965007096"},{"introduced":"0"},{"last_affected":"4217f1cdeb070707e54fec8221b9e63e3957ef38"},{"introduced":"0"},{"last_affected":"acc3c1df8474f424b2f179bac03d0e9a6bc9aba0"},{"introduced":"0"},{"last_affected":"b35adb0909b25a7dafc9212ddedfbf9b29dc05b8"},{"introduced":"0"},{"last_affected":"80b7e9d09f2d23209b591288f9b2cf3eb3d927c8"},{"introduced":"0"},{"last_affected":"8dd33d429892fc06cc9aa655012491f029f5f491"},{"introduced":"0"},{"last_affected":"a1f5bafac51f973cc7219d3b7c96587fe7066920"},{"introduced":"0"},{"last_affected":"c982190acf7bcfba5e78a7505a45774916865569"},{"introduced":"0"},{"last_affected":"ef08d8cf9e0d1ca62c6c291575d9e306cb09afcb"},{"introduced":"0"},{"last_affected":"a98e00f06834e5fdc945c2aca2c3498efb06ac7d"},{"introduced":"0"},{"last_affected":"c168aeba175dbb92c615460a360cb1ea978de5d3"},{"introduced":"0"},{"last_affected":"4022b2c306e88a4ab7f80507e736ce7ac7d01186"},{"introduced":"0"},{"last_affected":"9fbdc48c493f43961173bab8f23d633ab41a9608"},{"introduced":"0"},{"last_affected":"25e416ca0f3ea6035c8d797dcc9604bc32202268"},{"introduced":"0"},{"last_affected":"aa10ba096169dcbd3e47303f6b6de59acfe883c1"},{"introduced":"0"},{"last_affected":"d3d12fc11da56e4ea8af37a22a9a0aa6579ab2d5"},{"introduced":"0"},{"last_affected":"3df8ccf6fc3fa0ab2acf9a03da43fea87f8ff392"},{"introduced":"0"},{"last_affected":"e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd"},{"introduced":"0"},{"last_affected":"e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd"},{"introduced":"0"},{"last_affected":"82533e31c2525d9b1a77fc804330e925e8f109f0"},{"introduced":"0"},{"last_affected":"56b3416939ca921cac54b6c79e1b445cbff34098"},{"introduced":"0"},{"last_affected":"e70a309c428cfd4e600dc9fa0c7269b1e7a8efcd"},{"introduced":"0"},{"last_affected":"c00335997744196738368f46c30ef2eeaa0ac849"},{"introduced":"0"},{"last_affected":"37935743edbf60201adb1b53b56b8cafa754c69a"},{"introduced":"0"},{"last_affected":"dafddb6b8c0eb778072bec1ccd536bafad0eb936"},{"introduced":"0"},{"last_affected":"b29316c54bb3465265ff931e807229f13349457d"},{"introduced":"0"},{"last_affected":"6e749c21e77dc74af068c8e943a6e6850ae0bb24"},{"introduced":"0"},{"last_affected":"8a2a3a63b83375d9322c077b6356007e0bef5939"},{"introduced":"0"},{"last_affected":"2234d1f08d079a3e4be4f1a89847dc294a4a5c1a"},{"introduced":"0"},{"last_affected":"e8bb7464c562388da48bca04c5996fe16a0c3619"},{"introduced":"0"},{"last_affected":"f49602ad46b447c5a27d47b0e89b3440109211a4"},{"introduced":"0"},{"last_affected":"52db0d5742777a77717df5b1e85d056910a2515d"},{"introduced":"0"},{"last_affected":"448fcd66e6ffce0d000d38a07e6d61823fa14107"},{"introduced":"0"},{"last_affected":"bd97496d07466f3a940e2fcc114b540ca01cd340"},{"introduced":"0"},{"last_affected":"e99ebfcc140a5f794e259994f9252cb440459143"},{"introduced":"0"},{"last_affected":"46b40274dd44921f72a59771ecb3d2b2c7b3aa0b"},{"introduced":"0"},{"last_affected":"4c047e90b62529681dc691bc935036108d6b0324"},{"introduced":"0"},{"last_affected":"6157cd6da1b27716e8f3d1ed692a6e33d970ae46"},{"introduced":"0"},{"last_affected":"320ec4ed27c254a87e09a70601b1b27ae0a0456e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.2"},{"introduced":"0"},{"last_affected":"1.8.3"},{"introduced":"0"},{"last_affected":"1.8.4"},{"introduced":"0"},{"last_affected":"1.8.5"},{"introduced":"0"},{"last_affected":"1.8.6"},{"introduced":"0"},{"last_affected":"1.8.7"},{"introduced":"0"},{"last_affected":"1.8.8"},{"introduced":"0"},{"last_affected":"1.8.9"},{"introduced":"0"},{"last_affected":"1.8.10"},{"introduced":"0"},{"last_affected":"1.8.11"},{"introduced":"0"},{"last_affected":"1.8.12"},{"introduced":"0"},{"last_affected":"1.8.13"},{"introduced":"0"},{"last_affected":"1.8.14"},{"introduced":"0"},{"last_affected":"1.8.15"},{"introduced":"0"},{"last_affected":"1.8.16"},{"introduced":"0"},{"last_affected":"1.8.17"},{"introduced":"0"},{"last_affected":"1.9"},{"introduced":"0"},{"last_affected":"1.9-a1"},{"introduced":"0"},{"last_affected":"1.9-b1"},{"introduced":"0"},{"last_affected":"1.9-rc1"},{"introduced":"0"},{"last_affected":"1.9-rc2"},{"introduced":"0"},{"last_affected":"1.9.1"},{"introduced":"0"},{"last_affected":"1.9.2"},{"introduced":"0"},{"last_affected":"1.9.3"},{"introduced":"0"},{"last_affected":"1.9.4"},{"introduced":"0"},{"last_affected":"1.9.5"},{"introduced":"0"},{"last_affected":"1.9.6"},{"introduced":"0"},{"last_affected":"1.9.7"},{"introduced":"0"},{"last_affected":"1.9.8"},{"introduced":"0"},{"last_affected":"1.9.9"},{"introduced":"0"},{"last_affected":"1.9.10"},{"introduced":"0"},{"last_affected":"1.9.11"},{"introduced":"0"},{"last_affected":"1.9.12"},{"introduced":"0"},{"last_affected":"1.10.1"},{"introduced":"0"},{"last_affected":"1.10.2"},{"introduced":"0"},{"last_affected":"1.10.3"},{"introduced":"0"},{"last_affected":"1.10.4"},{"introduced":"0"},{"last_affected":"1.10.5"},{"introduced":"0"},{"last_affected":"1.10.6"}]}}],"versions":["1.0","1.0.1","1.0.2","1.0.3","1.0.4","1.1","1.1.1","1.1.2","1.1.3","1.1.4","1.10a1","1.10b1","1.11","1.11.1","1.11.10","1.11.11","1.11.12","1.11.13","1.11.14","1.11.15","1.11.16","1.11.17","1.11.18","1.11.19","1.11.2","1.11.20","1.11.21","1.11.22","1.11.23","1.11.24","1.11.25","1.11.26","1.11.27","1.11.28","1.11.29","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.11a1","1.11b1","1.11rc1","1.2","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.3","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.4","1.4.1","1.4.10","1.4.11","1.4.12","1.4.13","1.4.14","1.4.15","1.4.16","1.4.17","1.4.18","1.4.19","1.4.2","1.4.20","1.4.21","1.4.22","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.5","1.5.1","1.5.10","1.5.11","1.5.12","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9","1.5a1","1.5b1","1.5b2","1.5c1","1.5c2","1.6","1.6.1","1.6.10","1.6.11","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6a1","1.6b1","1.6b2","1.6b3","1.6b4","1.6c1","1.7","1.7.1","1.7.10","1.7.11","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.7a1","1.7a2","1.7b1","1.7b2","1.7b3","1.7b4","1.7c1","1.7c2","1.7c3","1.8a1","1.8b1","1.8b2","1.9a1","1.9b1","2.0","2.0.1","2.0.10","2.0.11","2.0.12","2.0.13","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.0a1","2.0b1","2.0rc1","2.1","2.1.1","2.1.10","2.1.11","2.1.12","2.1.13","2.1.14","2.1.15","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9","2.1a1","2.1b1","2.1rc1","2.2","2.2.1","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.2","2.2.20","2.2.21","2.2.22","2.2.23","2.2.24","2.2.25","2.2.26","2.2.27","2.2.28","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.2a1","2.2b1","2.2rc1","3.0","3.0.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.0a1","3.0b1","3.0rc1","3.1","3.1.1","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1a1","3.1b1","3.1rc1","3.2","3.2.1","3.2.10","3.2.11","3.2.12","3.2.13","3.2.14","3.2.15","3.2.16","3.2.17","3.2.18","3.2.19","3.2.2","3.2.20","3.2.21","3.2.22","3.2.23","3.2.24","3.2.25","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","3.2a1","3.2b1","3.2rc1","4.0","4.0.1","4.0.10","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.0a1","4.0b1","4.0rc1","4.1","4.1.1","4.1.10","4.1.11","4.1.12","4.1.13","4.1.2","4.1.3","4.1.4","4.1.5","4.1.6","4.1.7","4.1.8","4.1.9","4.1a1","4.1b1","4.1rc1","4.2","4.2.1","4.2.10","4.2.11","4.2.12","4.2.13","4.2.14","4.2.15","4.2.16","4.2.17","4.2.18","4.2.19","4.2.2","4.2.20","4.2.21","4.2.22","4.2.23","4.2.24","4.2.25","4.2.26","4.2.27","4.2.28","4.2.29","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.9","4.2a1","4.2b1","4.2rc1","5.0","5.0.1","5.0.10","5.0.11","5.0.12","5.0.13","5.0.14","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.0.9","5.0a1","5.0b1","5.0rc1","5.1","5.1.1","5.1.10","5.1.11","5.1.12","5.1.13","5.1.14","5.1.15","5.1.2","5.1.3","5.1.4","5.1.5","5.1.6","5.1.7","5.1.8","5.1.9","5.1a1","5.1b1","5.1rc1","5.2","5.2.1","5.2.10","5.2.11","5.2.12","5.2.2","5.2.3","5.2.4","5.2.5","5.2.6","5.2.7","5.2.8","5.2.9","5.2a1","5.2b1","5.2rc1","6.0","6.0.1","6.0.2","6.0.3","6.0a1","6.0b1","6.0rc1","archive/attic/boulder-oracle-sprint","archive/attic/full-history","archive/attic/generic-auth","archive/attic/gis","archive/attic/i18n","archive/attic/magic-removal","archive/attic/multi-auth","archive/attic/multiple-db-support","archive/attic/new-admin","archive/attic/newforms-admin","archive/attic/per-object-permissions","archive/attic/queryset-refactor","archive/attic/schema-evolution","archive/attic/schema-evolution-ng","archive/attic/search-api","archive/attic/sqlalchemy","archive/attic/unicode","archive/soc2009/admin-ui","archive/soc2009/http-wsgi-improvements","archive/soc2009/i18n-improvements","archive/soc2009/model-validation","archive/soc2009/multidb","archive/soc2009/test-improvements","archive/soc2010/app-loading","archive/soc2010/query-refactor","archive/soc2010/test-refactor","stable/0.90.x","stable/0.91.x","stable/0.95.x","stable/0.96.x","stable/1.0.x","stable/1.1.x","stable/1.11.x","stable/1.2.x","stable/1.3.x","stable/1.4.x","stable/1.5.x","stable/1.6.x","stable/1.7.x","stable/2.0.x","stable/2.1.x","stable/2.2.x","stable/3.0.x","stable/3.1.x","stable/3.2.x","stable/4.0.x","stable/4.1.x","stable/5.0.x","stable/5.1.x"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-a1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-b1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-b2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-c1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0-a1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0-b1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.10.0-rc1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7234.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}