Peter Kuma

**Name of the Vulnerable Software and Affected Versions** Django versions 1.4 through 1.4.12 Django versions 1.5 through 1.5.7 Django versions 1.6 through 1.6.4 Django versions 1.7 through 1.7b3 **Description** The `django.util.http.is safe url` function does not properly validate URLs, allowing remote attackers to conduct open redirect attacks via a malformed URL. **Recommendations** For Django versions 1.4 through 1.4.12, update to version 1.4.13 or later. For Django versions 1.5 through 1.5.7, update to version 1.5.8 or later. For Django versions 1.6 through 1.6.4, update to version 1.6.5 or later. For Django versions 1.7 through 1.7b3, update to version 1.7b4 or later.