Vulnerability: Django - Open Redirect

Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware is enabled and the APPEND_SLASH setting is on, and the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
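The following audit helper is an added example, not part of this advisory or of the Django project. It checks a project's Django version against the affected ranges named above and inspects a settings dictionary for the two preconditions it can see (CommonMiddleware enabled, APPEND_SLASH on); the third precondition, a URL pattern that accepts any path ending in a slash, must still be reviewed by hand in the project's URLconf. The SAMPLE_SETTINGS dictionary is constructed for the example.

```python
import re

# Fixed versions per the advisory: 1.11.x fixed in 1.11.15, 2.0.x fixed in 2.0.8
FIXED_IN = {(1, 11): (1, 11, 15), (2, 0): (2, 0, 8)}
COMMON_MIDDLEWARE = "django.middleware.common.CommonMiddleware"

# Constructed settings fragment resembling a project that meets both visible preconditions
SAMPLE_SETTINGS = {
    "MIDDLEWARE": ["django.middleware.security.SecurityMiddleware", COMMON_MIDDLEWARE],
    # APPEND_SLASH omitted on purpose: Django defaults it to True
}


def parse_version(text):
    """Turn '1.11.14' or '2.0.7' into an (major, minor, patch) tuple; drops suffixes like 'rc1'."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def version_is_affected(version_text):
    """True only for a version inside one of the ranges the advisory lists."""
    v = parse_version(version_text)
    fixed = FIXED_IN.get(v[:2])
    return fixed is not None and v < fixed


def redirect_conditions_present(settings):
    """True when CommonMiddleware is active and APPEND_SLASH is on (its Django default)."""
    middleware = settings.get("MIDDLEWARE") or settings.get("MIDDLEWARE_CLASSES") or []
    append_slash = settings.get("APPEND_SLASH", True)
    return COMMON_MIDDLEWARE in middleware and bool(append_slash)


def assess(version_text, settings):
    """Classify exposure: 'series-not-listed', 'fixed-version', 'conditions-absent' or 'exposed'."""
    v = parse_version(version_text)
    if v[:2] not in FIXED_IN:
        return "series-not-listed"  # the advisory says nothing about this release series
    if v >= FIXED_IN[v[:2]]:
        return "fixed-version"
    if not redirect_conditions_present(settings):
        return "conditions-absent"
    return "exposed"  # still review urls.py for a catch-all pattern ending in '/'


if __name__ == "__main__":
    for ver in ("1.11.14", "1.11.15", "2.0.7", "2.0.8"):
        print(ver, assess(ver, SAMPLE_SETTINGS))
```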

Impact

An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks or the exploitation of other vulnerabilities.

Severity

Medium

Verified

Unknown