id: CVE-2018-14574 info: name: Django Open Redirect author: pikpikcu severity: medium tags: cve,cve2018,django,redirect classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.10 cve-id: CVE-2018-14574 cwe-id: CWE-601 description: "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect." reference: - https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ - https://usn.ubuntu.com/3726-1/ - http://www.securitytracker.com/id/1041403 - https://www.debian.org/security/2018/dsa-4264 - http://www.securityfocus.com/bid/104970 - https://access.redhat.com/errata/RHSA-2019:0265 requests: - method: GET path: - "{{BaseURL}}//www.example.com" matchers-condition: and matchers: - type: status status: - 301 - type: word words: - "Location: https://www.example.com" - "Location: http://www.example.com" part: header