Description
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
Release | Status | Note |
---|---|---|
bionic | released | 1:1.11.11-1ubuntu1.2 |
cosmic | released | 1:1.11.15-1ubuntu1.1 |
devel | not-affected | 1:1.11.18-1ubuntu2 |
esm-infra-legacy/trusty | not-affected | 1.6.11-0ubuntu1.3 |
esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.2 |
esm-infra/xenial | not-affected | 1.8.7-1ubuntu5.7 |
precise/esm | DNE | |
trusty | released | 1.6.11-0ubuntu1.3 |
trusty/esm | not-affected | 1.6.11-0ubuntu1.3 |
upstream | released | 1:1.11.18-1 |
EPSS
CVSS2: 4.3 Medium
CVSS3: 6.5 Medium
Related vulnerabilities
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before ...
A vulnerability in the Django library for the Python programming language that allows an attacker to violate the integrity of protected information