CVE-2018-14574

Name of the Vulnerable Software and Affected Versions Django versions 1.11.x through 1.11.14 Django versions 2.0.x through 2.0.7

Description The issue is related to an Open Redirect in the django.middleware.common.CommonMiddleware module of the Django framework. This occurs due to incorrect handling of URL patterns ending with a / when both django.middleware.common.CommonMiddleware and APPEND SLASH options are active. Exploitation of this issue could allow a remote attacker to redirect a user to a malicious URI.

Recommendations For Django versions 1.11.x through 1.11.14, update to version 1.11.15 or later. For Django versions 2.0.x through 2.0.7, update to version 2.0.8 or later. As a temporary workaround, consider disabling the django.middleware.common.CommonMiddleware module until a patch is available. Restrict access to URLs that could be used for open redirects to minimize the risk of exploitation.