CVE-2019-3498

Priority
Description
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before
2.1.5, an Improper Neutralization of Special Elements in Output Used by a
Downstream Component issue exists in
django.views.defaults.page_not_found(), leading to content spoofing (in a
404 error page) if a user fails to recognize that a crafted URL has
malicious content.
Assigned-to
mdeslaur
Package
Upstream: released (1:1.11.18-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (1.6.11-0ubuntu1.3)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.8.7-1ubuntu5.7)
Ubuntu 18.04 LTS (Bionic Beaver): released (1:1.11.11-1ubuntu1.2)
Ubuntu 18.10 (Cosmic Cuttlefish): released (1:1.11.15-1ubuntu1.1)
Ubuntu 19.04 (Disco Dingo): not-affected (1:1.11.18-1ubuntu2)
Patches:
Upstream: https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a (1.11.x)
Upstream: https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b (2.1.x)
More Information

Updated: 2019-01-16 08:16:19 UTC (commit 2bdac750e0c69a912ea3215899a008d8e9041ddb)