GHSA-337x-4q8g-prc5

Source

https://github.com/advisories/GHSA-337x-4q8g-prc5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-337x-4q8g-prc5/GHSA-337x-4q8g-prc5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-337x-4q8g-prc5

Aliases

Published

2019-01-14T16:20:05Z

Modified

2024-09-20T16:18:41.412737Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Improper Input Validation in Django

Details

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

References

Affected packages

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.11a1

Fixed

1.11.18

Affected versions

1.*

1.11a1

1.11b1

1.11rc1

1.11

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

1.11.10

1.11.11

1.11.12

1.11.13

1.11.14

1.11.15

1.11.16

1.11.17

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0a1

Fixed

2.0.10

Affected versions

2.*

2.0a1

2.0b1

2.0rc1

2.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

PyPI / django

Package

Name: django; View open source insights on deps.dev
Purl: pkg:pypi/django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1a1

Fixed

2.1.5

Affected versions

2.*

2.1a1

2.1b1

2.1rc1

2.1

2.1.1

2.1.2

2.1.3

2.1.4