rpm package
suse/python-django-grappelli&distro=SUSE Package Hub 15 SP5
pkg:rpm/suse/python-django-grappelli&distro=SUSE%20Package%20Hub%2015%20SP5
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46898 | Med | 6.1 | < 2.14.4-bp155.3.3.1 | 2.14.4-bp155.3.3.1 | Oct 22, 2023 | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. |
- affected < 2.14.4-bp155.3.3.1fixed 2.14.4-bp155.3.3.1
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.