Main Vulnerability Database SB2018092205

SB2018092205 - OpenSUSE Linux update for python-Django1

Published: September 22, 2018

Security Bulletin ID SB2018092205

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Open redirect (CVE-ID: CVE-2018-14574)

The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites.

The weakness exists on systems with django.middleware.common.CommonMiddleware and the APPEND_SLASH setting enabled and with a project that has a URL pattern that accepts any path ending in a slash due to open redirect. A remote attacker can use a specially crafted image link, trick the victim into opening it and redirect users to malicious website

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2018-09/msg00058.html