SUSE CVE-2021-33571

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validateipv4address, and validateipv46address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validateipv4address and...

Python < 3.9.5 Authentication Bypass Vulnerability - Linux

Python is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Improper access control

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validateipv4address, and validateipv46address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validateipv4address and...

Django 2.2 < 2.2.22, 3.1 < 3.1.10, 3.2 < 3.2.2 Header Injection Vulnerability - Windows

Django is prone to a header injection vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Django 2.2 < 2.2.22, 3.1 < 3.1.10, 3.2 < 3.2.2 Header Injection Vulnerability - Linux

Django is prone to a header injection vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2021-32052

A flaw was found in django. On Python 3.9.5+, URLValidator didn't prohibited newlines and tabs which could lead to a header injection attack if these were used in an HTTP response. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation Red Hat has...

CVE-2021-32052

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

CVE-2021-32052

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs unless the URLField form field is used. If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffecte...

Django 跨站脚本漏洞

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, and more. A cross-site scripting vulnerability exists in django, which stems from the fact that on Python...