[3.4] py-django: security issues (CVE-2017-7233, CVE-2017-7234)
CVE-2017-7233: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
CVE-2017-7234: Open redirect vulnerability in django.views.static.serve()
Fixed in:
py-django 1.10.7, 1.9.13, and 1.8.18
References:
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
(from redmine: issue id 7097, created on 2017-04-06, closed on 2017-04-06)
- Relations:
  - parent #7094 (closed)