Description
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
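A check for the affected ranges listed in the description, as an added example (not part of the original advisory and not Django's own code): it flags exact Django pins in a requirements file that are older than the fixed releases. The function names and the sample lines are constructed for illustration; range specifiers and unpinned entries are reported as undecided rather than guessed.

```python
import re

# Fixed release for each affected series, taken from the advisory text above.
FIXED = {(2, 2): (2, 2, 26), (3, 2): (3, 2, 11), (4, 0): (4, 0, 1)}

VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")
PRE_RE = re.compile(r"^\.?(a|b|rc|dev|alpha|beta)\d*", re.I)
# "django" followed by a specifier, a marker, a comment, or nothing (not django-filter).
NAME_RE = re.compile(r"^\s*django\s*(?=$|[=<>~!;#\[])(.*)$", re.I)
EXACT_RE = re.compile(r"^==\s*([0-9][^\s;#,*]*)\s*(?:[;#].*)?$")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for a version string."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    return tuple(nums[:3]), bool(PRE_RE.match(m.group(2)))


def is_affected(version_text):
    """True if the version is in a listed series and older than its fixed release."""
    version, pre = parse_version(version_text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return False  # series not named in the advisory; no claim is made about it
    return version < fixed or (version == fixed and pre)


def scan_requirements(lines):
    """Return (affected exact pins, Django lines that cannot be decided)."""
    affected, undecided = [], []
    for lineno, line in enumerate(lines, 1):
        name = NAME_RE.match(line)
        if not name:
            continue  # comment, blank line, or another package
        exact = EXACT_RE.match(name.group(1).strip())
        if exact is None:
            undecided.append((lineno, line.strip()))  # range, wildcard, unpinned
        elif is_affected(exact.group(1)):
            affected.append((lineno, exact.group(1)))
    return affected, undecided


# Constructed sample input, not taken from a real project.
SAMPLE = ["Django==3.2.10", "django-filter==2.4.0", "django>=3.2", "Django==4.0.1  # fixed"]

if __name__ == "__main__":
    print(scan_requirements(SAMPLE))
```

Entries reported as undecided need the resolved version from the installed environment or a lock file before they can be classified.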
Remediation
References