CVE-2014-3730 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-3730 Interim 1 10 2023-02-12T02:41:06Z current 2021-05-30T13:21:34Z 2023-02-12T02:41:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-3730 The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2014-June/000894.html E-Mail link for SUSE-SU-2014:0851-1 https://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html E-Mail link for openSUSE-SU-2014:1132-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 3.0 python-django-1.5.8-0.7.1 python-django-1.5.8-0.7.1 as a component of SUSE OpenStack Cloud 3.0 The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com." CVE-2014-3730 SUSE OpenStack Cloud 3.0:python-django-1.5.8-0.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N