VDB
CVE-2021-45116
CVE-2021-45116
PUBLISHED
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
EPSS 0.36% · 58.8th percentile
Risk Scores
EPSS Score
0.36%
58.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | django | 3.2.0, 4.0.0, 2.2.0 |
| Bitnami | django | 2.2.0, 3.2.0, 4.0.0 |
Timeline
- Jan 4, 2022 CVE Published
- Jan 5, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 22, 2022 EPSS Score
- Jun 15, 2022 EPSS Score
- Aug 8, 2022 EPSS Score
- Oct 1, 2022 EPSS Score
- Nov 24, 2022 EPSS Score
- Jan 16, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 4, 2023 EPSS Score
References
- https://docs.djangoproject.com/en/4.0/releases/security/ url
- https://groups.google.com/forum/#%21forum/django-announce url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ url
- https://security.netapp.com/advisory/ntap-20220121-0005/ url
- https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ url
- https://nvd.nist.gov/vuln/detail/CVE-2021-45116 url