OSV:USN-5204-1
Jan 05, 2022 - 1:21 p.m.

python-django vulnerabilities

2022-01-05 13:21:45
Google
osv.dev

AI Score: 6.2 (Confidence: High)

EPSS: 0.003 (Percentile: 70.1%)

Chris Bailey discovered that Django incorrectly handled evaluating
submitted passwords. A remote attacker could possibly use this issue to
consume resources, resulting in a denial of service. (CVE-2021-45115)

Dennis Brinkrolf discovered that Django incorrectly handled the dictsort
template filter. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2021-45116)

Dennis Brinkrolf discovered that Django incorrectly handled certain file
names. A remote attacker could possibly use this issue to save files to
arbitrary filesystem locations. (CVE-2021-45452)