GHSA-337x-4q8g-prc5

Suggest an improvement
Source
https://github.com/advisories/GHSA-337x-4q8g-prc5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-337x-4q8g-prc5/GHSA-337x-4q8g-prc5.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-337x-4q8g-prc5
Aliases
Published
2019-01-14T16:20:05Z
Modified
2024-11-19T05:26:12.283462Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Improper Input Validation in Django
Details

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

Database specific
{
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:53:52Z"
}
References

Affected packages

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.11a1
Fixed
1.11.18

Affected versions

1.*

1.11a1
1.11b1
1.11rc1
1.11
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.11.10
1.11.11
1.11.12
1.11.13
1.11.14
1.11.15
1.11.16
1.11.17

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0a1
Fixed
2.0.10

Affected versions

2.*

2.0a1
2.0b1
2.0rc1
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1a1
Fixed
2.1.5

Affected versions

2.*

2.1a1
2.1b1
2.1rc1
2.1
2.1.1
2.1.2
2.1.3
2.1.4