4 matches found
The vulnerability of the dictsort template pattern in the Django web framework allows an attacker to access confidential information.
The vulnerability of the dictsort template pattern in the Django web framework relates to the disclosure of information in the error data field. Exploiting this vulnerability can allow an attacker, operating remotely, to obtain confidential system information...
USN-5204-1 python-django vulnerabilities
Chris Bailey discovered that Django incorrectly handled evaluating submitted passwords. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2021-45115) Dennis Brinkrolf discovered that Django incorrectly handled the dictsort template filter. ...
CVE-2021-45116
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a...
Django -- multiple vulnerabilities
Django Release reports: CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator. CVE-2021-45116: Potential information disclosure in dictsort template filter. CVE-2021-45452: Potential directory-traversal via Storage.save...