Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Django ‘core.urlresolvers.reverse’函数输入验证漏洞
Vulnerability Description
Django是Django软件基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。 Django的‘core.urlresolvers.reverse’函数中存在安全漏洞,该漏洞源于程序没有正确验证URLs。远程攻击者可通过在URL中添加‘//’利用该漏洞实施钓鱼攻击。以下本版本受到影响:Django 1.4.13及之前版本,1.5.9之前1.5.x版本,1.6.6之前1.6.x版本,release candidate 3之前1.7版本。
CVSS Information
N/A
Vulnerability Type
N/A