CVE-2021-44420
Published: 7 December 2021
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
Notes
Author | Note |
---|---|
mdeslaur | code in bionic is different, doesn't look affected |
Priority
CVSS 3 base score: 7.3
Status
Package | Release | Status |
---|---|---|
python-django Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Released
(2:2.2.12-1ubuntu0.8)
|
|
hirsute |
Released
(2:2.2.20-1ubuntu0.3)
|
|
impish |
Released
(2:2.2.24-1ubuntu1.1)
|
|
jammy |
Released
(2:3.2.11-1)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Released
(2.2.25,3.2.10)
|
|
xenial |
Not vulnerable
(code not present)
|