Description

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

Remediation

References

CVE-2021-44420

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2012-2686)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-35652)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2008-4096)

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10152)

MySQL CVE-2018-3195 Vulnerability (CVE-2018-3195)

Severity

High

Classification

CVE-2021-44420 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities