7.5

CVE-2021-44420

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DjangoprojectDjango Version >= 2.2 < 2.2.25
DjangoprojectDjango Version >= 3.1 < 3.1.14
DjangoprojectDjango Version >= 3.2 < 3.2.10
RedhatSatellite Version6.0
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
CanonicalUbuntu Linux Version20.04 SwEditionlts
CanonicalUbuntu Linux Version21.04
CanonicalUbuntu Linux Version21.10
FedoraprojectFedora Version35
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.3% 0.81
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://groups.google.com/forum/#%21forum/django-announce
https://docs.djangoproject.com/en/3.2/releases/security/
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
https://security.netapp.com/advisory/ntap-20211229-0006/
Third Party Advisory
https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
Patch
Vendor Advisory
https://www.openwall.com/lists/oss-security/2021/12/07/1
Patch
Third Party Advisory
Mailing List