← Voltar para CVEs
CVE-2019-3498
N/ADescricao
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado1/9/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
canonical:ubuntu_linuxdebian:debian_linuxdjangoproject:djangofedoraproject:fedora
Fraquezas (CWE)
CWE-74
Referencias
http://www.securityfocus.com/bid/106453(cve@mitre.org)
https://docs.djangoproject.com/en/dev/releases/security/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/(cve@mitre.org)
https://usn.ubuntu.com/3851-1/(cve@mitre.org)
https://www.debian.org/security/2019/dsa-4363(cve@mitre.org)
http://www.securityfocus.com/bid/106453(af854a3a-2127-422b-91ae-364da2661108)
https://docs.djangoproject.com/en/dev/releases/security/(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/forum/#%21topic/django-announce/VYU7xQQTEPQ(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/01/msg00005.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3851-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4363(af854a3a-2127-422b-91ae-364da2661108)
https://www.djangoproject.com/weblog/2019/jan/04/security-releases/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.