Lucene search
PRIOn knowledge basePRION:CVE-2019-3498HistoryJan 09, 2019 - 11:29 p.m.
Spoofing
2019-01-0923:29:00
PRIOn knowledge base
www.prio-n.com
9
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| ubuntu_linux | eq | 14.04 | |
| ubuntu_linux | eq | 18.04 | |
| ubuntu_linux | eq | 18.10 | |
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 9.0 | |
| django | ge | 1.11 | |
| django | lt | 1.11.18 | |
| django | ge | 2.0 | |
| django | lt | 2.0.10 |
References
www.securityfocus.com/bid/106453
docs.djangoproject.com/en/dev/releases/security/
groups.google.com/forum/
lists.debian.org/debian-lts-announce/2019/01/msg00005.html
lists.fedoraproject.org/archives/list/[email protected]/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
usn.ubuntu.com/3851-1/
www.debian.org/security/2019/dsa-4363
www.djangoproject.com/weblog/2019/jan/04/security-releases/
Related
cve
cve
CVE-2019-3498
2019-01-09 23:29:05
archlinux
archlinux
[ASA-201901-7] python2-django: content spoofing
2019-01-11 00:00:00
[ASA-201901-6] python-django: content spoofing
2019-01-11 00:00:00
osv
osv
PYSEC-2019-17
2019-01-09 23:29:00
CVE-2019-3498
2019-01-09 23:29:05
Improper Input Validation in Django
2019-01-14 16:20:05
debian
debian
[SECURITY] [DLA 1629-1] python-django security update
2019-01-06 19:27:17
[SECURITY] [DSA 4363-1] python-django security update
2019-01-08 22:46:08
mageia
mageia
Updated python-django16 package fixes security vulnerability
2019-01-19 01:19:29
Updated python-django packages fix security vulnerability
2019-01-12 00:07:56
nessus
nessus
Fedora 28 : python-django (2019-e6ca5847c7)
2019-01-16 00:00:00
Debian DLA-1629-1 : python-django security update
2019-01-07 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Django vulnerability (USN-3851-1)
2019-01-10 00:00:00
debiancve
debiancve
CVE-2019-3498
2019-01-09 23:29:05
fedora
fedora
[SECURITY] Fedora 28 Update: python-django-2.0.10-1.fc28
2019-01-16 01:43:22
[SECURITY] Fedora 29 Update: python-django-2.0.10-1.fc29
2019-01-11 04:36:39
[SECURITY] Fedora 29 Update: python-django-2.0.13-1.fc29
2019-03-01 02:40:44
openvas
openvas
Fedora Update for python-django FEDORA-2019-e6ca5847c7
2019-01-16 00:00:00
Debian: Security Advisory (DLA-1629-1)
2019-01-06 00:00:00
Ubuntu: Security Advisory (USN-3851-1)
2019-01-10 00:00:00
cvelist
cvelist
CVE-2019-3498
2019-01-09 22:00:00
ubuntucve
ubuntucve
CVE-2019-3498
2019-01-07 00:00:00
ubuntu
ubuntu
Django vulnerability
2019-01-09 00:00:00
redhatcve
redhatcve
CVE-2019-3498
2019-01-07 02:50:20
veracode
veracode
Content Spoofing
2019-01-07 05:06:49
alpinelinux
alpinelinux
CVE-2019-3498
2019-01-09 23:29:05
nvd
nvd
CVE-2019-3498
2019-01-09 23:29:05
freebsd
freebsd
Django -- Content spoofing possibility in the default 404 page
2019-01-03 00:00:00
github
github
Improper Input Validation in Django
2019-01-14 16:20:05
altlinux
altlinux