vulnerability

FreeBSD: VID-3E41C1A6-10BC-11E9-BD85-FCAA147E860E (CVE-2019-3498): Django -- Content spoofing possibility in the default 404 page

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Jan 3, 2019
Added
Jan 6, 2019
Modified
May 7, 2019

Description

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

Solution(s)

freebsd-upgrade-package-py27-django111freebsd-upgrade-package-py35-django111freebsd-upgrade-package-py35-django20freebsd-upgrade-package-py35-django21freebsd-upgrade-package-py36-django111freebsd-upgrade-package-py36-django20freebsd-upgrade-package-py36-django21freebsd-upgrade-package-py37-django111freebsd-upgrade-package-py37-django20freebsd-upgrade-package-py37-django21
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.