CVE-2019-3498 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Content spoofing
Description	A content spoofing issue has been found in django before 2.1.5 and 1.11.18, where an attacker could craft a malicious URL that could make spoofed content appear on the default page generated by the django.views.defaults.page_not_found() view.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-839	python-django	2.1.4-1	2.1.5-1	Medium	Fixed
AVG-838	python2-django	1.11.17-1	1.11.18-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
11 Jan 2019	ASA-201901-7	AVG-838	python2-django	Medium	content spoofing
11 Jan 2019	ASA-201901-6	AVG-839	python-django	Medium	content spoofing

References
https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a

References

https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b
https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a