The vulnerability documentation and commit diff explicitly show modifications to the `is_safe_url` function in `django/utils/http.py`. The pre-patch code naively replaced backslashes with slashes (`url = url.replace('\\', '/')`) before validating, which created an inconsistency between how browsers interpret the URL and what Django's safety check actually examined. The fix introduced a helper (`_is_safe_url`) that is applied to both the original and the normalized URL, so a redirect target is accepted only if both forms pass, confirming that the vulnerability resided in the original implementation of `is_safe_url`.
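An added example (not Django's own code) that reproduces the shape of the fix described above: the pre-patch check normalizes backslashes and validates only the result, while the patched check validates both the raw and the normalized URL. The `_is_safe_url` helper here is a simplified stand-in for Django's, and the host name and sample URLs are constructed for the demonstration.

```python
from urllib.parse import urlparse

ALLOWED_SCHEMES = ('http', 'https')


def _is_safe_url(url, host):
    # Simplified stand-in for Django's helper: the URL must stay on `host`
    # and, if it carries a scheme at all, use http or https.
    if url.startswith('///'):            # browsers read this as scheme-relative
        return False
    info = urlparse(url)
    if info.scheme and not info.netloc:  # 'http:///x' has a scheme but no host
        return False
    return ((not info.netloc or info.netloc == host) and
            (not info.scheme or info.scheme in ALLOWED_SCHEMES))


def is_safe_url_prepatch(url, host):
    # Pre-patch shape: rewrite '\' to '/' first, then validate only that form.
    url = (url or '').strip()
    if not url:
        return False
    return _is_safe_url(url.replace('\\', '/'), host)


def is_safe_url_patched(url, host):
    # Patched shape: both the raw URL and the normalized URL must pass, since a
    # browser may treat '\' as a path separator or leave it inside the
    # authority (userinfo) part; the check has to hold under either reading.
    url = (url or '').strip()
    if not url:
        return False
    return _is_safe_url(url, host) and _is_safe_url(url.replace('\\', '/'), host)


HOST = 'example.com'  # constructed host for the demonstration


def compare(url):
    """Return (pre-patch verdict, patched verdict) for one candidate URL."""
    return is_safe_url_prepatch(url, HOST), is_safe_url_patched(url, HOST)


if __name__ == '__main__':
    # Constructed sample inputs: a relative path, a same-host absolute URL,
    # a URL with a backslash in its authority, and a protocol-relative URL.
    for u in ('/accounts/', 'http://example.com/next',
              'http://example.com\\@other.example', '//other.example'):
        print(repr(u), compare(u))
```

The third sample is the case the patch closes: after backslash normalization its host looks like `example.com`, but the raw authority is not `example.com`, so only the patched check rejects it.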
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| django | pip | < 1.8.10 | 1.8.10 |
| Django | pip | >= 1.9a1, < 1.9.3 | 1.9.3 |