Description

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

Remediation

References

CVE-2021-45116

Related Vulnerabilities

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Cross-Site Request Forgery (3.2.9)

MySQL CVE-2019-2623 Vulnerability (CVE-2019-2623)

Internet Information Services CVE-2006-6578 Vulnerability (CVE-2006-6578)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393)

Dotclear Other Vulnerability (CVE-2014-3782)

Severity

High

Classification

CVE-2021-45116 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities