
CVE-2018-14574: Django open redirect

CVSS Score: 6.1 (CVSS v3.0)

Basic Information

EPSS Score: 0.9416%
Published: 10/4/2018
Updated: 9/17/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
django       | pip       | >= 2.0, < 2.0.8     | 2.0.8
Django       | pip       | >= 1.11, < 1.11.15  | 1.11.15

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from two key areas: 1) CommonMiddleware's URL redirection logic in get_full_path_with_slash didn't escape leading slashes when constructing redirect URLs, allowing scheme-relative URLs. 2) The URL resolver's _reverse_with_prefix function similarly didn't handle leading slashes properly. The commits show both locations were patched with escape_leading_slashes calls. The CVE description and patch diffs confirm these functions were the attack vectors for open redirects when APPEND_SLASH was enabled and specific URL patterns existed.
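The analysis above describes the mechanism in prose: a request path beginning with two slashes, passed straight into a redirect Location header, is treated by browsers as a scheme-relative URL and resolved against a different host. The example below is added here to show that mechanism and the fix concretely; it is not Django's code or Miggo's. `escape_leading_slashes` is a standalone reimplementation of the logic Django's patch introduced (a leading `//` becomes `/%2F`), and `append_slash_redirect_target` is a simplified stand-in for `get_full_path_with_slash` with the APPEND_SLASH behaviour reduced to string handling. The hostnames and paths are constructed sample values.

```python
from urllib.parse import urljoin, urlsplit


def escape_leading_slashes(url: str) -> str:
    """Reimplementation (not Django's own code) of the fix applied in the
    patched versions: if a path starts with two slashes, percent-encode the
    second one so the browser cannot read the path as scheme-relative."""
    if url.startswith("//"):
        return "/%2F" + url[2:]
    return url


def append_slash_redirect_target(path: str, query_string: str = "",
                                 escape: bool = True) -> str:
    """Simplified model of building the APPEND_SLASH redirect target.

    escape=False reproduces the pre-patch behaviour described in the root
    cause analysis: the full path is used verbatim as the redirect target.
    escape=True applies the leading-slash escaping the patch added.
    """
    target = path if path.endswith("/") else path + "/"
    if query_string:
        target += "?" + query_string
    return escape_leading_slashes(target) if escape else target


def resolve_like_browser(site_origin: str, location: str) -> str:
    """Resolve a Location header value the way a browser would, relative to
    the page that issued the redirect (RFC 3986 reference resolution)."""
    return urljoin(site_origin, location)


def leaves_site(site_origin: str, location: str) -> bool:
    """Defender-side check: does following this redirect land on a host other
    than the site's own? Useful as a unit-test assertion on redirect code."""
    return urlsplit(resolve_like_browser(site_origin, location)).netloc != \
        urlsplit(site_origin).netloc


if __name__ == "__main__":
    # Constructed sample: the site serves https://app.example/ and receives a
    # request whose path (as the framework sees it) begins with two slashes.
    origin = "https://app.example/"
    requested_path = "//attacker.example"       # constructed sample value

    unescaped = append_slash_redirect_target(requested_path, escape=False)
    escaped = append_slash_redirect_target(requested_path, escape=True)

    print("unescaped Location:", unescaped,
          "->", resolve_like_browser(origin, unescaped),
          "(leaves site:", leaves_site(origin, unescaped), ")")
    print("escaped   Location:", escaped,
          "->", resolve_like_browser(origin, escaped),
          "(leaves site:", leaves_site(origin, escaped), ")")
```

The `leaves_site` check is the kind of assertion worth keeping in a test suite for any code that builds redirect targets from request data, whether or not the framework version is patched: it catches the scheme-relative case and any future regression that reintroduces it.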


WAF Protection Rules

WAF Rule

`django.middleware.common.CommonMiddleware` in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
