Описание
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
A flaw was found in django. On Python 3.9.5+, URLValidator didn't prohibited newlines and tabs which could lead to a header injection attack if these were used in an HTTP response. The highest threat from this vulnerability is to data confidentiality and integrity.
Отчет
- Red Hat Gluster Storage 3 ships an old version of Django (v1.11.27) that provides support for Python 3.7, hence not affected by this vulnerability.
- Red Hat Satellite and Red Hat Update Infrastructure ships affected versions of Django, however, products make use of Python 2.7 and Python 3.6 consumed from RHEL repository. Successful exploitation would require Support to Python version 3.9.5 onward hence products are not affected by this vulnerability.
- Red Hat Ceph Storage (RHCS) 2 and 3 ship an affected version of Django.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | django | Not affected | ||
| Red Hat Ansible Automation Platform 1.2 | python-django | Affected | ||
| Red Hat Ansible Tower 3 | django | Not affected | ||
| Red Hat Ceph Storage 2 | calamari-server | Affected | ||
| Red Hat Ceph Storage 2 | python-django | Affected | ||
| Red Hat Ceph Storage 3 | python-django | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | python-django | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | python-django | Not affected | ||
| Red Hat OpenStack Platform 16.1 | python-django20 | Not affected | ||
| Red Hat Satellite 6 | python3-django | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...
EPSS
7.4 High
CVSS3