CVE-2021-45116 – django

Package

Manager: pip
Name: django
Vulnerable Version: >=2.2 <2.2.26 || >=3.2 <3.2.11 || >=4.0 <4.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00178 pctl0.39667

Details

Information disclosure in Django An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

Metadata

Created: 2022-01-12T19:21:10Z
Modified: 2024-09-20T12:22:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-8c5j-9r9f-c6w8/GHSA-8c5j-9r9f-c6w8.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-8c5j-9r9f-c6w8
Finding: F184
Auto approve: 1