Name of the Vulnerable Software and Affected Versions Django versions 1.11.x through 1.11.17 Django versions 2.0.x through 2.0.9 Django versions 2.1.x through 2.1.4

Description The issue exists in the django.views.defaults.page not found() function, leading to content spoofing in a 404 error page if a user fails to recognize that a crafted URL has malicious content. This occurs due to improper neutralization of special elements in output used by a downstream component.

Recommendations For Django versions 1.11.x through 1.11.17, update to version 1.11.18 or later. For Django versions 2.0.x through 2.0.9, update to version 2.0.10 or later. For Django versions 2.1.x through 2.1.4, update to version 2.1.5 or later.