In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Django(PyPI) | 1.11a1 | 1.11.18 | N/A |
| Django(PyPI) | 2.0a1 | 2.0.10 | N/A |
| Django(PyPI) | 2.1a1 | 2.1.5 | N/A |
CVSS Metrics
