Django is vulnerable to content spoofing attacks. The vulnerability exists in the default 404 pages, where request.path was not sanitized and can be used to display unwanted HTML.
www.securityfocus.com/bid/106453
docs.djangoproject.com/en/dev/releases/security/
github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a
github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b
github.com/django/django/commit/9f4ed7c94c62e21644ef5115e393ac426b886f2e
groups.google.com/forum/#!topic/django-announce/VYU7xQQTEPQ
lists.debian.org/debian-lts-announce/2019/01/msg00005.html
lists.fedoraproject.org/archives/list/[email protected]/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/
usn.ubuntu.com/3851-1/
www.debian.org/security/2019/dsa-4363
www.djangoproject.com/weblog/2019/jan/04/security-releases/
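
The reflected-path problem described above and one way to neutralize it, as an added example that is not Django's own code. The template string, function names and sample path are constructed for illustration, and percent-encoding followed by HTML escaping is an assumed mitigation, not a statement of what the linked commits do.

```python
from html import escape
from urllib.parse import quote

# Constructed stand-in for a default "not found" page (not Django's template).
TEMPLATE = (
    "<h1>Not Found</h1>"
    "<p>The requested resource {path} was not found on this server.</p>"
)

# Constructed sample: a URL-decoded path that reads like a message from the site.
SAMPLE_PATH = "/The page has moved to <b>example.invalid</b>, please log in there"


def render_404_unsanitized(request_path):
    """The 'before' behaviour: the decoded path is placed in the page as received."""
    return TEMPLATE.format(path=request_path)


def render_404_hardened(request_path):
    """Percent-encode the path, then HTML-escape the result.

    Percent-encoding turns spaces and markup characters back into %XX
    sequences, so the text no longer reads as a sentence or parses as HTML.
    escape() is kept as a second layer in case the quoting rules change.
    """
    return TEMPLATE.format(path=escape(quote(request_path)))


def reflects_raw_path(body, probe_path):
    """Regression check: True if the probe path appears verbatim in the body.

    Only meaningful for probe paths that contain spaces or markup; a path made
    purely of URL-safe characters is reflected unchanged and is harmless.
    """
    return probe_path in body


if __name__ == "__main__":
    for render in (render_404_unsanitized, render_404_hardened):
        body = render(SAMPLE_PATH)
        print(render.__name__, "reflects raw path:", reflects_raw_path(body, SAMPLE_PATH))
        print(body)
```

The same `reflects_raw_path` check can be pointed at the body of a real 404 response in a test suite to confirm that a custom error page does not echo the decoded path.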