BID:106453

Django CVE-2019-3498 Content Spoofing Vulnerability

CVE-2019-3498 |

Info

Django CVE-2019-3498 Content Spoofing Vulnerability

Bugtraq ID:	106453
Class:	Input Validation Error
CVE:	CVE-2019-3498
Remote:	Yes
Local:	No
Published:	Jan 04 2019 12:00AM
Updated:	Jan 04 2019 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Djangoproject Django 2.1.4 Djangoproject Django 2.1.3 Djangoproject Django 2.1.2 Djangoproject Django 2.1.1 Djangoproject Django 2.0.8 Djangoproject Django 2.0.7 Djangoproject Django 2.0.6 Djangoproject Django 2.0.5 Djangoproject Django 2.0.4 Djangoproject Django 2.0.3 Djangoproject Django 2.0.2 Djangoproject Django 2.0.1 Djangoproject Django 1.11.15 Djangoproject Django 1.11.11 Djangoproject Django 1.11.10 Djangoproject Django 1.11.9 Djangoproject Django 1.11.8 Djangoproject Django 1.11.5 Djangoproject Django 1.11.4 Djangoproject Django 1.11.3 Djangoproject Django 1.11.2 Djangoproject Django 1.11.1

Not Vulnerable:	Djangoproject Django 2.1.5 Djangoproject Django 2.0.10 Djangoproject Django 1.11.18

Discussion

Django CVE-2019-3498 Content Spoofing Vulnerability

Django is prone to a content-spoofing vulnerability because it fails to properly sanitize user-supplied input.

Attackers can exploit this issue to manipulate the page and spoof content, which may aid in further attacks.

Versions prior to Django 1.11.18, 2.0.10 and 2.1.5 are vulnerable.

Solution / Fix

Django CVE-2019-3498 Content Spoofing Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Django CVE-2019-3498 Content Spoofing Vulnerability

References:

Bug 1663722 (CVE-2019-3498) - CVE-2019-3498 python-django: Content spoofing via (Redhat)
CVE-2019-3498 (Redhat)
CVE-2019-3498: Content spoofing possibility in the default 404 page (Djangoproject )