Description

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

Remediation

References

CVE-2021-44420

Related Vulnerabilities

Joomla! Core 1.0.x Cross-Site Scripting (1.0.0 - 1.0.11)

phpList Incorrect Comparison Vulnerability (CVE-2020-23361)

WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Cross-Site Request Forgery Vulnerabilities (1.5.12)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3992)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.23)

Severity

High

Classification

CVE-2021-44420 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities