Homepage
About Snyk

Content Spoofing Affecting django package, versions [,1.11.18) [2.0.0, 2.0.10) [2.1.0, 2.1.5)

0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required

    Threat Intelligence

    EPSS 0.8% (82nd percentile)
Expand this section
NVD
6.5 medium
Expand this section
Red Hat
4.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-DJANGO-72888
  • published 8 Jan 2019
  • disclosed 4 Jan 2019
  • credit Jerbi Nessim
Report a new vulnerability Found a mistake?

Introduced: 4 Jan 2019

CVE-2019-3498 Open this link in a new tab
CWE-148 Open this link in a new tab

How to fix?

Upgrade Django to version 1.11.18, 2.0.10, 2.1.5 or higher.

Overview

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Affected versions of this package are vulnerable to Content Spoofing. The default 404 page did not properly handle user-supplied data, an attacker could supply content to the web application, typically via a parameter value, that is reflected back to the user. This presented the user with a modified page under the context of the trusted domain.