VDB
BIT-django-2021-45116
BIT-django-2021-45116
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 2.2.0, 3.2.0, 4.0.0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated
References
- https://docs.djangoproject.com/en/4.0/releases/security/ url
- https://groups.google.com/forum/#%21forum/django-announce url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ url
- https://security.netapp.com/advisory/ntap-20220121-0005/ url
- https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ url
- https://nvd.nist.gov/vuln/detail/CVE-2021-45116 url