[3.6] py-django: Content spoofing via URL path in default 404 page (CVE-2019-3498)ID: oval:org.secpod.oval:def:1801319 | Date: (C)2019-06-06 (M)2023-11-10 |
Class: PATCH | Family: unix |
Django before versions 1.11.18, 2.0.10 and 2.1.5 is vulnerable to content spoofing via crafted URL in the default 404 page. An attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found view. Fixed In Version:¶ python-django 1.11.18, python-django 2.0.10, python-django 2.1.5
Platform: |
Alpine Linux 3.6 |