AVG-969

Package python-django
Status Fixed
Severity Medium
Type cross-site scripting
Affected 2.2.1-1
Fixed 2.2.2-1
Current 2.2.4-1 [extra]
Ticket None
Created Mon Jun 3 17:01:20 2019
Issue Severity Remote Type Description
CVE-2019-12308 Medium Yes Cross-site scripting
The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated...
CVE-2019-11358 Medium Yes Cross-site scripting
jQuery before 3.4.0, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable...
Date Advisory Package Description
04 Jun 2019 ASA-201906-2 python-django cross-site scripting
References
https://www.djangoproject.com/weblog/2019/jun/03/security-releases/
https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad