From c4e5ff7fdb5fce447675e90291fd33fddd052b3c Mon Sep 17 00:00:00 2001 From: Andreas Hug Date: Tue, 24 Jul 2018 16:18:17 -0400 Subject: [2.1.x] Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware. --- docs/releases/1.11.15.txt | 13 +++++++++++++ docs/releases/2.0.8.txt | 13 +++++++++++++ 2 files changed, 26 insertions(+) (limited to 'docs') diff --git a/docs/releases/1.11.15.txt b/docs/releases/1.11.15.txt index 397681d52e..fca551e772 100644 --- a/docs/releases/1.11.15.txt +++ b/docs/releases/1.11.15.txt @@ -5,3 +5,16 @@ Django 1.11.15 release notes *August 1, 2018* Django 1.11.15 fixes a security issue in 1.11.14. + +CVE-2018-14574: Open redirect possibility in ``CommonMiddleware`` +================================================================= + +If the :class:`~django.middleware.common.CommonMiddleware` and the +:setting:`APPEND_SLASH` setting are both enabled, and if the project has a +URL pattern that accepts any path ending in a slash (many content management +systems have such a pattern), then a request to a maliciously crafted URL of +that site could lead to a redirect to another site, enabling phishing and other +attacks. + +``CommonMiddleware`` now escapes leading slashes to prevent redirects to other +domains. diff --git a/docs/releases/2.0.8.txt b/docs/releases/2.0.8.txt index 8a03071075..849f80d3f8 100644 --- a/docs/releases/2.0.8.txt +++ b/docs/releases/2.0.8.txt @@ -6,6 +6,19 @@ Django 2.0.8 release notes Django 2.0.8 fixes a security issue and several bugs in 2.0.7. +CVE-2018-14574: Open redirect possibility in ``CommonMiddleware`` +================================================================= + +If the :class:`~django.middleware.common.CommonMiddleware` and the +:setting:`APPEND_SLASH` setting are both enabled, and if the project has a +URL pattern that accepts any path ending in a slash (many content management +systems have such a pattern), then a request to a maliciously crafted URL of +that site could lead to a redirect to another site, enabling phishing and other +attacks. + +``CommonMiddleware`` now escapes leading slashes to prevent redirects to other +domains. + Bugfixes ======== -- cgit v1.3