Description
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
References
- Patch, Vendor Advisory
- Third Party Advisory
- Patch, Vendor Advisory
- Mailing List, Patch, Third Party Advisory
EPSS
CVSS3: 7.3 High
CVSS2: 7.5 High
Defects
Related vulnerabilities
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...
Potential bypass of an upstream access control based on URL paths in Django
ELSA-2022-9341: ol-automation-manager security update (IMPORTANT)