Vulnerabilities > CVE-2021-44420
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
Vulnerable Configurations
References
- https://docs.djangoproject.com/en/3.2/releases/security/
- https://docs.djangoproject.com/en/3.2/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
- https://security.netapp.com/advisory/ntap-20211229-0006/
- https://security.netapp.com/advisory/ntap-20211229-0006/
- https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
- https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
- https://www.openwall.com/lists/oss-security/2021/12/07/1
- https://www.openwall.com/lists/oss-security/2021/12/07/1