PYSEC-2019-17

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/django/PYSEC-2019-17.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-17
Aliases
Published
2019-01-09T23:29:00Z
Modified
2023-11-01T05:44:08.748724Z
Summary
[none]
Details

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

References

Affected packages

PyPI / django

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.11
Fixed
1.11.18
Introduced
2.0
Fixed
2.0.10
Introduced
2.1
Fixed
2.1.5

Affected versions

1.*

1.11
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.11.10
1.11.11
1.11.12
1.11.13
1.11.14
1.11.15
1.11.16
1.11.17

2.*

2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1
2.1.1
2.1.2
2.1.3
2.1.4