7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2014-3730

GHSA ID

GHSA-vq3h-3q7v-9prw

EPSS Score

0.75867%

CWE

CWE-20

Published

5/14/2022

Updated

9/18/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2014-3730

CVE-2014-3730:
Django Allows Open Redirects

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\djangoproject.com."

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2014-3730

GHSA ID

GHSA-vq3h-3q7v-9prw

EPSS Score

0.75867%

CWE

CWE-20

Published

5/14/2022

Updated

9/18/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Django	pip	>= 1.4, < 1.4.13	1.4.13
Django	pip	>= 1.5, < 1.5.8	1.5.8
Django	pip	>= 1.6, < 1.6.5	1.6.5
Django	pip	>= 1.7a1, < 1.7b4	1.7b4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability documentation explicitly identifies django.util.http.is_safe_url as the root cause. The GitHub commit diff shows critical security-focused modifications to this function, including adding backslash replacement, triple-slash checks, and hostname validation. Multiple advisories (CVE-2014-3730, GHSA-vq3h-3q7v-9prw) and patch notes confirm these changes were required to prevent open redirects. The function's pre-patch behavior matches the described vulnerability symptoms of improper URL validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** `*j*n*o.util.*ttp.is_s***_url` *un*tion in *j*n*o *.* ***or* *.*.**, *.* ***or* *.*.*, *.* ***or* *.*.*, *n* *.* ***or* *.*** *o*s not prop*rly v*li**t* URLs, w*i** *llows r*mot* *tt**k*rs to *on*u*t op*n r**ir**t *tt**ks vi* * m*l*orm** URL, *s

Reasoning

T** vuln*r**ility *o*um*nt*tion *xpli*itly i**nti*i*s *j*n*o.util.*ttp.is_s***_url *s t** root **us*. T** *it*u* *ommit *i** s*ows *riti**l s**urity-*o*us** mo*i*i**tions to t*is *un*tion, in*lu*in* ***in* ***ksl*s* r*pl***m*nt, tripl*-sl*s* ****ks,

7.5

Basic Information

Concerned about an active attack path?

CVE-2014-3730: Django Allows Open Redirects

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2014-3730:
Django Allows Open Redirects

Vulnerability Intelligence
Miggo AI