VDB

DEBIAN-CVE-2021-44420

DEBIAN-CVE-2021-44420 PUBLISHED CVSS 7.300000190734863 HIGH

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

Risk Scores

CVSS 3.1
7.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

VendorProductVersions
Debian:13python-django0, 0, 0
Debian:12python-django0, 0, 0
Debian:11python-django0, 2.2.24-1, 0
Debian:14python-django0, 0, 0

Timeline

  • Dec 8, 2021 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›