CVE-2021-44420 – django

Package

Manager: pip
Name: django
Vulnerable Version: >=2.2a1 <2.2.25 || >=3.0a1 <3.1.14 || >=3.2a1 <3.2.10

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00138 pctl0.34451

Details

Potential bypass of an upstream access control based on URL paths in Django In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low severity, according to the Django security policy.

Metadata

Created: 2021-12-09T19:09:37Z
Modified: 2024-11-18T16:26:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-v6rh-hp5x-86rv/GHSA-v6rh-hp5x-86rv.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-v6rh-hp5x-86rv
Finding: F039
Auto approve: 1