Django Software Foundation · Django · CVE-2018-14574
**Name of the Vulnerable Software and Affected Versions**
Django versions 1.11.x through 1.11.14
Django versions 2.0.x through 2.0.7
**Description**
The issue is an Open Redirect in the `django.middleware.common.CommonMiddleware` module of the Django framework. It arises from incorrect handling of URL patterns ending with a `/` when both `django.middleware.common.CommonMiddleware` and the `APPEND_SLASH` setting are enabled. A remote attacker could exploit it to redirect a user to a malicious URI.
**Recommendations**
For Django versions 1.11.x through 1.11.14, update to version 1.11.15 or later.
For Django versions 2.0.x through 2.0.7, update to version 2.0.8 or later.
As a temporary workaround, consider disabling the `django.middleware.common.CommonMiddleware` module until the fixed version can be deployed. Restrict access to URLs that could be used for open redirects to minimize the risk of exploitation.
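The following configuration audit helper is an added example, not part of this advisory or of Django itself. It combines the affected-version ranges above with the middleware/setting combination named in the description, so a defender can flag a deployment as exposed from its version string and a parsed settings dict; the sample settings in the block are constructed, and the legacy `MIDDLEWARE_CLASSES` name is checked because Django 1.11 projects may still use it.

```python
# Added example (not from the advisory or from Django): flag a deployment as
# exposed to CVE-2018-14574 when its version is in an affected range AND
# CommonMiddleware is enabled together with APPEND_SLASH (which Django
# defaults to True when the setting is absent).

COMMON_MIDDLEWARE = "django.middleware.common.CommonMiddleware"

# Affected ranges from the advisory: 1.11.0-1.11.14 and 2.0.0-2.0.7,
# stored as (first_affected, first_fixed) half-open ranges.
AFFECTED_RANGES = [
    ((1, 11, 0), (1, 11, 15)),
    ((2, 0, 0), (2, 0, 8)),
]


def parse_version(version):
    """Turn a final-release string like '1.11.14' into (1, 11, 14).
    A missing patch component counts as 0 (pre-release tags are not handled)."""
    parts = [int(p) for p in version.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def version_affected(version):
    v = parse_version(version)
    return any(lo <= v < fixed for lo, fixed in AFFECTED_RANGES)


def config_exposed(settings):
    """True when CommonMiddleware is active and APPEND_SLASH is on.
    Both MIDDLEWARE and the legacy MIDDLEWARE_CLASSES list are inspected."""
    middleware = settings.get("MIDDLEWARE") or settings.get("MIDDLEWARE_CLASSES") or []
    return COMMON_MIDDLEWARE in middleware and bool(settings.get("APPEND_SLASH", True))


def audit(version, settings):
    """Return (exposed, reason) for one deployment."""
    if not version_affected(version):
        return False, "Django %s is outside the affected ranges" % version
    if not config_exposed(settings):
        return False, "CommonMiddleware disabled or APPEND_SLASH=False"
    return True, "upgrade to 1.11.15+ / 2.0.8+ or disable CommonMiddleware"


if __name__ == "__main__":
    # Constructed sample settings for demonstration only.
    vulnerable = {"MIDDLEWARE": [COMMON_MIDDLEWARE]}            # APPEND_SLASH defaults on
    mitigated = {"MIDDLEWARE": [COMMON_MIDDLEWARE], "APPEND_SLASH": False}
    for ver, cfg in [("2.0.7", vulnerable), ("2.0.8", vulnerable), ("1.11.3", mitigated)]:
        print(ver, audit(ver, cfg))
```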