CVE-2021-45116

Published: 4 January 2022

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: python-django

Release Status
bionic Released (1:1.11.11-1ubuntu1.15)
focal Released (2:2.2.12-1ubuntu0.9)
hirsute Released (2:2.2.20-1ubuntu0.4)
impish Released (2:2.2.24-1ubuntu1.2)
jammy Released (2:3.2.11-1)
trusty Needs triage
upstream Needs triage
xenial Needs triage