-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability description explicitly identifies is_safe_url in utils/http.py as the source. The commit diff shows the function was modified to add scheme validation (checking for 'http'/'https'), and test cases were added to verify rejection of 'javascript:' URLs. The CWE-79 classification confirms this is an XSS vector due to improper input validation in this function.
PythonPython| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Django | pip | >= 1.4, < 1.4.6 | 1.4.6 |
| Django | pip | >= 1.5, < 1.5.2 | 1.5.2 |
Ongoing coverage of React2Shell