Description
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2009-1020 Vulnerability (CVE-2009-1020)
MySQL CVE-2024-21090 Vulnerability (CVE-2024-21090)
MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-20225)
WordPress Plugin Crelly Slider Arbitrary File Upload (1.3.4)
Jenkins Improper Input Validation Vulnerability (CVE-2018-1000068)