vulnerability
FreeBSD: VID-3E41C1A6-10BC-11E9-BD85-FCAA147E860E (CVE-2019-3498): Django -- Content spoofing possibility in the default 404 page
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jan 3, 2019 | Jan 6, 2019 | May 7, 2019 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jan 3, 2019
Added
Jan 6, 2019
Modified
May 7, 2019
Description
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
Solution(s)
freebsd-upgrade-package-py27-django111freebsd-upgrade-package-py35-django111freebsd-upgrade-package-py35-django20freebsd-upgrade-package-py35-django21freebsd-upgrade-package-py36-django111freebsd-upgrade-package-py36-django20freebsd-upgrade-package-py36-django21freebsd-upgrade-package-py37-django111freebsd-upgrade-package-py37-django20freebsd-upgrade-package-py37-django21

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.