ALPINE-CVE-2017-7234
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 04 Apr 2017, 17:59
Last modified:19 Nov 2025, 06:10
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
6.1 MEDIUM
3.0 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
04 Apr 2017, 17:59
Published
Vulnerability first disclosed
19 Nov 2025, 06:10
Last Modified
Vulnerability information updated
Description
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
CVSS Metrics
- v3.0•MEDIUM•Score: 6.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Systems
- alpine•py-django
< 1.10.7-r0 | < 1.8.18-r0 | < 1.8.18-r0 | < 1.8.18-r0 | < 1.8.18-r0 | < 1.10.7-r0 | < 1.10.7-r0 | < 1.10.7-r0 | < 1.10.7-r0
- alpine•py3-django
< 1.10.7-r0 | < 1.10.7-r0