Ubuntu Security Notice 3254-1 - It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. Phithon Gong discovered that Django incorrectly handled certain URLs when the jango.views.static.serve view is being used. A remote attacker could possibly use a Django server as an open redirect.
801ae2bcbebfea2c9051c6832ae1dc3ea158685668ddfea06d6087a5c8b1837a