#30070: Content spoofing possiblity in default 404 page
-------------------------------------------+------------------------
Reporter: tasn | Owner: nobody
Type: Bug | Status: new
Component: Core (Other) | Version: 1.11
Severity: Release blocker | Keywords:
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------------+------------------------
A maliciously crafted URL can be reflected back to the user so that the
user sees a 404 page with the attacker's content that may be interpreted
as originating from the trusted site.
[https://github.com/django/django/pull/10809 PR] with details.
--
Ticket URL: <https://code.djangoproject.com/ticket/30070>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/047.45313d31558ab472bd2e7895ffd50013%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
