VDB
CVE-2021-44420
CVE-2021-44420
PUBLISHED
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
EPSS 0.12% · 30.5th percentile
Risk Scores
EPSS Score
0.12%
30.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 3.2.0, 2.2.0, 3.1.0 |
| Bitnami | django | 2.2.0, 3.1.0, 3.2.0 |
| Cloudflare | stream | |
| Cloudflare | access |
Timeline
- Dec 7, 2021 CVE Published
- Dec 8, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 1, 2022 EPSS Score
- Feb 11, 2022 EPSS Score
- Mar 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 21, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Nov 2, 2022 EPSS Score
- Dec 26, 2022 EPSS Score
- Feb 19, 2023 EPSS Score
References
- https://docs.djangoproject.com/en/3.2/releases/security/ url
- https://groups.google.com/forum/#%21forum/django-announce url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ url
- https://security.netapp.com/advisory/ntap-20211229-0006/ url
- https://www.djangoproject.com/weblog/2021/dec/07/security-releases/ url
- https://www.openwall.com/lists/oss-security/2021/12/07/1 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-44420 url