Description

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.

Remediation

References

CVE-2014-0480

Related Vulnerabilities

Oracle HTTP Server CVE-2014-0098 Vulnerability (CVE-2014-0098)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-14641)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-30596)

MySQL CVE-2022-21254 Vulnerability (CVE-2022-21254)

Jenkins Observable Discrepancy Vulnerability (CVE-2022-34174)

Severity

Medium

Classification

CVE-2014-0480 CWE-20

Tags

Missing Update Known Vulnerabilities