Improper Input Validation in Django
High severity
GitHub Reviewed
Published
Jan 14, 2019
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Package
Affected versions
>= 1.11a1, < 1.11.18
>= 2.0a1, < 2.0.10
>= 2.1a1, < 2.1.5
Patched versions
1.11.18
2.0.10
2.1.5
Description
Published by the National Vulnerability Database
Jan 9, 2019
Published to the GitHub Advisory Database
Jan 14, 2019
Reviewed
Jun 16, 2020
Last updated
Nov 18, 2024
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in
django.views.defaults.page_not_found()
, leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.References