Description

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

Remediation

References

CVE-2021-44420

Related Vulnerabilities

WordPress Plugin Daily Inspiration Generator Open Redirect (2.0)

Jenkins Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43044)

Jboss EAP CVE-2023-4061 Vulnerability (CVE-2023-4061)

Drupal Core 8.x.x Security Bypass (8.0.0 - 8.7.14)

WordPress 5.8.x Directory Traversal (5.8 - 5.8.9)

Severity

High

Classification

CVE-2021-44420 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities