It was discovered that Django incorrectly accepted semicolons as query
parameters. A remote attacker could possibly use this issue to perform a
Web Cache Poisoning attack.

References

ubuntu.com/security/CVE-2021-23336

ubuntu.com/security/notices/USN-4742-1

nessus 61

openvas 51

redhatcve 1

fedora 20

mageia 2

alpinelinux 1

debian 5

debiancve 1

cve 3

suse 1

osv 15

cbl_mariner 3

veracode 1

archlinux 3

ubuntu 1

prion 3

ubuntucve 1

photon 5

altlinux 2

amazon 6

gentoo 1

almalinux 2

github 1

oraclelinux 3

redhat 3

sonarsource 1

rocky 1

fortinet 1

nessus

SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2021:0768-1)

2021-03-12 00:00:00

Fedora 32 : mingw-python3 (2021-309bc2e727)

2021-03-15 00:00:00

SUSE SLES12 Security Update : python36 (SUSE-SU-2021:0887-1)

2021-03-22 00:00:00

openvas

Fedora: Security Advisory for python39 (FEDORA-2021-7c1bb32d13)

2021-03-01 00:00:00

Python < 3.6.13, 3.7.x < 3.7.10, 3.8.x < 3.8.8, 3.9.x < 3.9.2 Web Cache Poisoning Vulnerability - Windows

2021-02-23 00:00:00

Fedora: Security Advisory for python-django (FEDORA-2021-1bb399a5af)

2021-03-13 00:00:00

redhatcve

CVE-2021-23336

2021-02-15 20:05:02

fedora

[SECURITY] Fedora 34 Update: python-django-3.1.7-1.fc34

2021-03-19 20:27:58

[SECURITY] Fedora 33 Update: mingw-python3-3.9.2-1.fc33

2021-03-15 01:19:58

[SECURITY] Fedora 34 Update: mingw-python3-3.9.2-2.fc34

2021-03-19 20:28:38

mageia

Updated python and python3 packages fix security vulnerability

2021-04-02 13:16:21

Updated python-django package fixes a security vulnerability

2021-03-15 00:20:42

alpinelinux

CVE-2021-23336

2021-02-15 13:15:00

debian

[SECURITY] [DLA 2569-1] python-django security update

2021-02-19 16:24:07

[SECURITY] [DLA 2628-1] python2.7 security update

2021-04-17 19:31:24

[SECURITY] [DLA 2619-1] python3.5 security update

2021-04-05 16:08:19

debiancve

CVE-2021-23336

2021-02-15 13:15:00

cve

CVE-2021-23336

2021-02-15 13:15:00

CVE-2020-28476

2021-01-18 12:15:00

CVE-2021-28359

2021-05-02 08:15:00

suse

Security update for python (moderate)

2021-03-17 00:00:00

osv

python-django - security update

2021-02-19 00:00:00

CVE-2021-23336

2021-02-15 13:15:12

BIT-python-2021-23336

2024-03-06 11:07:00

cbl_mariner

CVE-2021-23336 affecting package python2 2.7.18-8

2022-04-09 06:51:57

CVE-2021-23336 affecting package python3 3.7.9-4

2021-07-08 21:56:42

CVE-2021-23336 affecting package python2 2.7.18-14

2021-04-06 23:50:12

veracode

Web Cache Poisoning

2021-02-20 06:44:58

archlinux

[ASA-202102-28] python-django: url request injection

2021-02-20 00:00:00

[ASA-202102-37] python: multiple issues

2021-02-27 00:00:00

[ASA-202103-27] python2: multiple issues

2021-03-25 00:00:00

ubuntu

Django vulnerability

2021-02-22 00:00:00

prion

Design/Logic Flaw

2021-02-15 13:15:00

Design/Logic Flaw

2021-01-18 12:15:00

Design/Logic Flaw

2021-05-02 08:15:00

ubuntucve

CVE-2021-23336

2021-02-15 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0204

2021-03-05 00:00:00

Moderate Photon OS Security Update - PHSA-2021-3.0-0204

2021-03-05 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0327

2021-03-11 00:00:00

altlinux

Security fix for the ALT Linux 9 package python3-module-django version 2.2.19-alt1

2021-04-12 00:00:00

Security fix for the ALT Linux 10 package python3-module-django version 2.2.19-alt1

2021-02-24 00:00:00

amazon

Medium: python36

2021-05-14 16:53:00

Low: python34

2021-05-20 21:12:00

Medium: python35

2021-05-06 19:11:00

gentoo

Python: Multiple vulnerabilities

2021-04-30 00:00:00

almalinux

Moderate: python3 security update

2021-05-18 05:42:46

Moderate: python27:2.7 security update

2021-11-09 08:24:39

github

Cross-site Scripting in Apache Airflow

2021-06-18 18:43:42

oraclelinux

python3 security update

2021-05-25 00:00:00

python27:2.7 security update

2021-11-16 00:00:00

python38:3.8 and python38-devel:3.8 security update

2021-11-16 00:00:00

redhat

(RHSA-2021:1633) Moderate: python3 security update

2021-05-18 05:42:46

(RHSA-2021:4151) Moderate: python27:2.7 security update

2021-11-09 08:24:39

(RHSA-2021:3252) Moderate: python27 security update

2021-08-24 07:29:51

sonarsource

10 Unknown Security Pitfalls for Python

2021-11-16 00:00:00

rocky

python27:2.7 security update

2021-11-09 08:24:39

fortinet

Multiple vulnerabilities in Apache Airflow

2022-06-07 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H

5.9 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

49.1%

JSON

Related for OSV:USN-4742-1