CVE-2019-3498

Priority
Description
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before
2.1.5, an Improper Neutralization of Special Elements in Output Used by a
Downstream Component issue exists in
django.views.defaults.page_not_found(), leading to content spoofing (in a
404 error page) if a user fails to recognize that a crafted URL has
malicious content.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (1:1.11.18-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [1.6.11-0ubuntu1.3])
Ubuntu 16.04 LTS (Xenial Xerus): released (1.8.7-1ubuntu5.7)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:1.11.11-1ubuntu1.2)
Ubuntu 19.04 (Disco Dingo): not-affected (1:1.11.18-1ubuntu2)
Patches:
Upstream: https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a (1.11.x)
Upstream: https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b (2.1.x)

Updated: 2019-12-05 18:51:33 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)