vulnerability

Ubuntu: USN-3559-1 (CVE-2017-12794): Django vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Sep 7, 2017	Feb 8, 2018	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Sep 7, 2017

Added

Feb 8, 2018

Modified

Mar 27, 2026

Description

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.

Solutions

ubuntu-upgrade-python-djangoubuntu-upgrade-python3-django

References

CVE-2017-12794
https://attackerkb.com/topics/CVE-2017-12794
CWE-79
EUVD-EUVD-2017-0025
NVD-CVE-2017-12794
UBUNTU-USN-3559-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-0025

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report