Oval Definition:oval:com.ubuntu.xenial:def:201712794000
Revision Date:2017-09-07
Version:1
Title:CVE-2017-12794 on Ubuntu 16.04 LTS (xenial) - low.
Description:In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
Family:unix
Class:vulnerability
Status:
Reference(s):CVE-2017-12794
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND NOT While related to the CVE in some way, the 'python-django' package in xenial is not affected.