Vulnerability CVE-2021-44420: Information

Description

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

Severity: HIGH (7.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Published: Dec. 8, 2021
Modified: Nov. 7, 2023

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| python3-module-django | sisyphus | 3.2.10-alt1 | 4.2.9-alt1 | ALT-PU-2021-3552-1 | 292129 | Fixed |
| python3-module-django | sisyphus_e2k | 3.2.10-alt1 | 4.2.9-alt1 | ALT-PU-2022-3622-1 | - | Fixed |
| python3-module-django | sisyphus_mipsel | 3.2.10-alt1 | 4.2.8-alt1 | ALT-PU-2021-4667-1 | - | Fixed |
| python3-module-django | sisyphus_riscv64 | 3.2.10-alt1 | 4.2.8-alt1 | ALT-PU-2021-4628-1 | - | Fixed |
| python3-module-django | p10 | 3.2.10-alt1 | 3.2.23-alt1 | ALT-PU-2021-3622-1 | 292330 | Fixed |
| python3-module-django | p10_e2k | 3.2.10-alt1 | 3.2.23-alt1 | ALT-PU-2021-4755-1 | - | Fixed |
| python3-module-django | p9 | 2.2.25-alt1 | 2.2.25-alt1 | ALT-PU-2021-3619-1 | 292358 | Fixed |
| python3-module-django | p9_e2k | 2.2.25-alt1 | 2.2.25-alt1 | ALT-PU-2022-3862-1 | - | Fixed |
| python3-module-django | p9_mipsel | 2.2.25-alt1 | 2.2.25-alt1 | ALT-PU-2022-3988-1 | - | Fixed |
| python3-module-django | c10f1 | 3.2.10-alt1 | 3.2.22-alt1 | ALT-PU-2021-3622-1 | 292330 | Fixed |

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
      Start including 2.2, end excluding 2.2.25

      cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
      Start including 3.1, end excluding 3.1.14

      cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
      Start including 3.2, end excluding 3.2.10

      Configuration 2

      cpe:2.3:o:redhat:satellite:6.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*