PT-2023-12618 · Unknown · Django-Grappelli
Ksg97031 · Published 2023-10-22 · Updated 2024-01-11 · CVE-2021-46898
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
django-grappelli versions prior to 2.15.2
Description
The switch-user view in django-grappelli (views/switch.py) tries to keep its redirect target on-site by checking only that the URL starts with "/". That check does not account for protocol-relative URLs such as //example.com, which also begin with "/" but which browsers resolve against a different host. A crafted link can therefore pass the check and send the user to an external site (an open redirect).
Recommendations
Update to django-grappelli 2.15.2 or later, which resolves the issue. If you cannot upgrade immediately, restrict use of the switch-user view (views/switch.py) until you can.
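The bypass is easiest to see side by side. The block below is an added example written for this page, not code from django-grappelli or from the reporter: `naive_is_local` reconstructs the kind of prefix check the description refers to (the project's exact code is not reproduced here), and `strict_is_local` is a hardened replacement that also rejects the backslash variant (`/\host`), which browsers normalise to `//host`, and whitespace or control characters that a browser would strip before parsing. The sample URLs are constructed for the example.

```python
"""Open-redirect target check: naive ``startswith("/")`` beside a strict one.

Added example for this advisory; not django-grappelli's code.
"""
from urllib.parse import urlsplit


def naive_is_local(url: str) -> bool:
    """Hypothetical reconstruction of the check the advisory describes:
    accept any target that begins with "/". Protocol-relative URLs pass."""
    return url.startswith("/")


def strict_is_local(url: str) -> bool:
    """Accept only same-origin, path-only redirect targets.

    Rejects protocol-relative URLs ("//host/..."), the backslash variant
    browsers treat the same way ("/\\host/..."), anything with a scheme or
    netloc, and inputs with surrounding whitespace or C0 control characters.
    """
    if not url:
        return False
    # Browsers strip leading/trailing whitespace and C0 controls before
    # parsing, so reject them instead of letting them disguise a prefix.
    if url != url.strip() or any(ord(c) < 0x20 for c in url):
        return False
    # Exactly one leading "/" and the next character must not be "/" or "\".
    if not url.startswith("/") or url[1:2] in ("/", "\\"):
        return False
    parts = urlsplit(url)
    # urlsplit puts "//evil" into netloc; a path-only target has neither part.
    if parts.scheme or parts.netloc:
        return False
    return True


def filter_redirects(candidates):
    """Return (url, naive_verdict, strict_verdict) for each candidate."""
    return [(u, naive_is_local(u), strict_is_local(u)) for u in candidates]


# Constructed sample inputs for this example, not taken from the report.
SAMPLES = [
    "/admin/",                      # legitimate local path
    "/admin/?next=/reports/",       # local path with a query string
    "//example.com/",               # protocol-relative: naive check passes it
    "//example.com@localhost/",     # userinfo trick, still protocol-relative
    "/\\example.com/",              # backslash variant browsers read as "//"
    "https://example.com/",         # absolute URL: both checks reject it
    " /admin/",                     # leading whitespace
    "/%2F%2Fexample.com",           # percent-encoded slashes stay a path
]

if __name__ == "__main__":
    for url, naive, strict in filter_redirects(SAMPLES):
        print(f"{url!r:32} naive={naive!s:5} strict={strict}")
```

In a real Django view, prefer the framework's own `django.utils.http.url_has_allowed_host_and_scheme(url, allowed_hosts={request.get_host()})`, which covers the same cases (including the `/\` variant) and is maintained with the framework; the function above avoids the Django dependency only so the example runs stand-alone.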
Weakness Enumeration
Open Redirect
Affected Products
Django-Grappelli