CVE-2015-2317 Medium Severity Vulnerability detected by WhiteSource

[mend-bolt-for-github]

CVE-2015-2317 - Medium Severity Vulnerability

Vulnerable Library - Django-1.7.1-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

path: /example-python/requirements.txt

Library home page: https://pypi.python.org/packages/d2/29/1935a5825b8820d1e398ab83f0730d483ec731fae34745ddac8318cf6ac8/Django-1.7.1-py2.py3-none-any.whl

Dependency Hierarchy:

• ❌ Django-1.7.1-py2.py3-none-any.whl (Vulnerable Library)

Vulnerability Details

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.

Publish Date: 2015-03-25

URL: CVE-2015-2317

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-2317

Release Date: 2015-03-25

Fix Resolution: 1.4.20,1.6.11,1.7.7,1.8c1

---

Step up your Open Source Security Game with WhiteSource here