[3.5] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.
Fixed In Version:
Django 1.11.15 and Django 2.0.8
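A triage check for the conditions and fixed versions listed above, as an added example that is not part of the original issue or of Django itself. It assumes the project's URL patterns are available as regex strings (url()/re_path() style); the function names and probe paths are constructed for illustration, and release series other than 1.11 and 2.0 are reported as unknown because the issue does not name them.

```python
import re

# Fixed releases named in the issue, keyed by release series.
FIXED = {(1, 11): (1, 11, 15), (2, 0): (2, 0, 8)}
COMMON_MW = "django.middleware.common.CommonMiddleware"
# Constructed, benign probe paths. Django matches URL regexes against the
# request path without its leading slash.
PROBES = ["a/", "some/nested/page/", "x-1/y_2/z.3/"]


def parse_version(text):
    """Turn '1.11.14' into (1, 11, 14); missing parts count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def version_status(text):
    """Return 'fixed', 'affected' or 'unknown' for a Django version string."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # series not named in the issue: review by hand
    return "fixed" if version >= fixed else "affected"


def catch_all_patterns(regexes):
    """Return the URL regexes that match every probe path ending in a slash."""
    return [r for r in regexes if all(re.search(r, p) for p in PROBES)]


def assess(version, middleware, append_slash, url_regexes):
    """Check the three preconditions from the issue plus the version."""
    status = version_status(version)
    conditions = {
        "common_middleware": COMMON_MW in middleware,
        "append_slash": bool(append_slash),
        "catch_all": catch_all_patterns(url_regexes),
    }
    # Unknown series are treated conservatively and flagged for follow-up.
    needs_action = status != "fixed" and all(conditions.values())
    return {"version": status, "needs_action": needs_action, **conditions}
```

A pattern is flagged only if it matches every probe, so narrow patterns such as `^admin/` are not reported; upgrading to a fixed release clears the finding regardless of the other conditions.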
(from redmine: issue id 9178, created on 2018-08-02, closed on 2018-08-07)