Closed
Opened Jan 09, 2019 by Alicha CH (@alicha), Reporter

[3.7] py-django: Content spoofing via URL path in default 404 page (CVE-2019-3498)

Django before versions 1.11.18, 2.0.10 and 2.1.5 is vulnerable to content spoofing via a crafted URL in the default 404 page.
An attacker could craft a malicious URL that could make spoofed content appear on the default page generated
by the django.views.defaults.page_not_found() view.

Fixed In Version:

python-django 1.11.18, python-django 2.0.10, python-django 2.1.5

References:

https://www.djangoproject.com/weblog/2019/jan/04/security-releases/

Patch:

https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a

(from redmine: issue id 9835, created on 2019-01-09, closed on 2019-02-19)

  • Relations:
    • parent #9832 (closed)
  • Changesets:
    • Revision efea0b28 on 2019-02-04T11:27:46Z:
main/py-django: security upgrade to 1.11.18 (CVE-2019-3498)

Fixes #9835
Milestone: 3.7.2
Labels: Normal, type:bug
Reference: alpine/aports#9835
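
A version check for the affected ranges listed in this issue, as an added example that is not part of the original report or of the Django or Alpine code. The function names, the handling of an Alpine-style `-rN` suffix, and the treatment of branches other than 1.11, 2.0 and 2.1 are assumptions.

```python
import re

# Fixed releases per branch, taken from "Fixed In Version" in this issue.
FIXED = {(1, 11): (1, 11, 18), (2, 0): (2, 0, 10), (2, 1): (2, 1, 5)}


def parse_version(text):
    """Parse '1.11.17' or an Alpine-style '1.11.17-r0' into an int tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-r\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(text):
    """Return True if the version predates the fix for CVE-2019-3498."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    # Assumption: branches older than 1.11 never received the fix,
    # and branches newer than 2.1 already include it.
    return branch < (1, 11)


def audit(installed):
    """Map each host to its affected status; unparseable versions map to None."""
    report = {}
    for host, version in installed.items():
        try:
            report[host] = is_affected(version)
        except ValueError:
            report[host] = None  # needs manual review
    return report


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {
        "web1": "1.11.17-r0",
        "web2": "1.11.18-r0",
        "api1": "2.0.9",
        "api2": "2.1.5",
        "dev1": "unknown",
    }
    for host, status in audit(sample).items():
        print(host, {True: "AFFECTED", False: "ok", None: "review"}[status])
```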