CVE-2019-3498 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=1.11a1 <1.11.18 || >=2.0a1 <2.0.10 || >=2.1a1 <2.1.5
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.02373 (percentile: 0.84376)
Details
Improper Input Validation in Django
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in `django.views.defaults.page_not_found()`, leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
Metadata
Created: 2019-01-14T16:20:05Z
Modified: 2024-11-18T16:26:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-337x-4q8g-prc5/GHSA-337x-4q8g-prc5.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-337x-4q8g-prc5
Finding: F184
Auto approve: 1