MGASA-2019-0035

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0035.html

Import Source

https://advisories.mageia.org/MGASA-2019-0035.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0035

Related

CVE-2019-3498

Published

2019-01-11T21:07:56Z

Modified

2019-01-11T20:40:59Z

Summary

Updated python-django packages fix security vulnerability

Details

An upstream patch has been backported to fix a security vulnerability in python-django. CVE-2019-3498: Content spoofing possibility in the default 404 page

An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.pagenotfound() view. The URL path is no longer displayed in the default 404 template and the request_path context variable is now quoted to fix the issue for custom templates that use the path.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / python-django

Package

Name: python-django
Purl: pkg:rpm/mageia/python-django?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.19-1.1.mga6

Ecosystem specific

{
    "section": "core"
}