CVE-2019-3498

Published: 09/01/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In Django 1.11.x prior to 1.11.18, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.

Vulnerable Products

djangoproject django

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

fedoraproject fedora 28

Vendor Advisories

Debian Bug report logs - #918230 python-django: CVE-2019-3498: Content spoofing possibility in the default 404 page Package: src:python-django; Maintainer for src:python-django is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, ...
Django could be made to expose spoofed information over the network ...
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content ...
A content spoofing issue has been found in django before 2.1.5 and 1.11.18, where an attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found() view ...

Github Repositories

Project 9: Improve a Django Project WARNING: Security Vulnerability There are multiple vulnerabilities with versions of Django below 1.11.19 (see CVE-2019-6975, CVE-2019-3498, CVE-2017-7234, and CVE-2017-7233). These vulnerabilities have not been addressed, as part of the project specification is to use the packages according to the supplied requirements.txt. 1. Installation Clon