{"id":"CVE-2018-14574","details":"django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.","aliases":["GHSA-5hg3-6c2f-f3wr","PYSEC-2018-2"],"modified":"2026-03-23T05:00:55.171846Z","published":"2018-08-03T17:29:00.250Z","related":["SUSE-SU-2018:3549-1","SUSE-SU-2019:1862-1","openSUSE-SU-2018:2327-1","openSUSE-SU-2018:2809-1","openSUSE-SU-2023:0077-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104970"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041403"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0265"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3726-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4264"},{"type":"FIX","url":"https://www.djangoproject.com/weblog/2018/aug/01/security-releases/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/django/django","events":[{"introduced":"c669cf279ae7b3e02a61db4fb077030a4db80e4f"},{"fixed":"6010da2fbda5eee76b6ec586112561dd26b650e8"},{"introduced":"8c85c8692240e5ae4b568eb4272475fe1fa4b059"},{"fixed":"b83b44f40ca18f12d60bf25c89ff2ca50e402003"}],"database_specific":{"versions":[{"introduced":"1.11"},{"fixed":"1.11.15"},{"introduced":"2.0"},{"fixed":"2.0.8"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14574.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}