VYPR

rpm package

suse/python-django-grappelli&distro=SUSE Package Hub 15 SP4

pkg:rpm/suse/python-django-grappelli&distro=SUSE%20Package%20Hub%2015%20SP4

Vulnerabilities (1)

  • CVE-2021-46898MedOct 22, 2023
    affected < 2.14.4-bp154.2.3.1fixed 2.14.4-bp154.2.3.1

    views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.