VDB

CVE-2021-44420

CVE-2021-44420 PUBLISHED

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

EPSS 0.12% · 30.5th percentile

Risk Scores

EPSS Score
0.12%
30.5th percentile

Affected Products

VendorProductVersions
Bitnamidjango3.2.0, 2.2.0, 3.1.0
Bitnamidjango2.2.0, 3.1.0, 3.2.0
Cloudflarestream
Cloudflareaccess

Timeline

  • Dec 7, 2021 CVE Published
  • Dec 8, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 1, 2022 EPSS Score
  • Feb 11, 2022 EPSS Score
  • Mar 27, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 21, 2022 EPSS Score
  • Sep 8, 2022 EPSS Score
  • Nov 2, 2022 EPSS Score
  • Dec 26, 2022 EPSS Score
  • Feb 19, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›