mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
98 lines
3.0 KiB
JSON
98 lines
3.0 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2014-3730",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by \"http:\\\\\\djangoproject.com.\""
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "[oss-security] 20140514 CVE Reuest: Django: Malformed URLs from user input incorrectly validated",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://www.openwall.com/lists/oss-security/2014/05/14/10"
|
|
},
|
|
{
|
|
"name" : "[oss-security] 20140514 Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated",
|
|
"refsource" : "MLIST",
|
|
"url" : "http://www.openwall.com/lists/oss-security/2014/05/15/3"
|
|
},
|
|
{
|
|
"name" : "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/"
|
|
},
|
|
{
|
|
"name" : "DSA-2934",
|
|
"refsource" : "DEBIAN",
|
|
"url" : "http://www.debian.org/security/2014/dsa-2934"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2014:1132",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html"
|
|
},
|
|
{
|
|
"name" : "USN-2212-1",
|
|
"refsource" : "UBUNTU",
|
|
"url" : "http://ubuntu.com/usn/usn-2212-1"
|
|
},
|
|
{
|
|
"name" : "67410",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/67410"
|
|
},
|
|
{
|
|
"name" : "61281",
|
|
"refsource" : "SECUNIA",
|
|
"url" : "http://secunia.com/advisories/61281"
|
|
}
|
|
]
|
|
}
|
|
}
|