Django Security Advisory: ImageField Abuse
Play this article
A couple of weeks ago it came out that there is a flaw in Django's ImageField which could potentially allow for phising programs to be uploaded and grab cookies or do other malicious things. While there will be no fix in Django directly you still need to take precautions on how you serve and receive files uploaded by your users. Django has a page dedicated to fixing this exact issue. Head over to their security guide and read up on the fixes. They shouldn't be too hard and shouldn't affect any user experience. Just wanted to post and let everyone know of the vulnerability.