Description
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Ansible Automation Platform 1.2 | python-django | Affected | | |
Red Hat Ansible Automation Platform 2 | python-django | Affected | | |
Red Hat Ansible Tower 3 | django | Affected | | |
Red Hat Ceph Storage 2 | calamari-server | Out of support scope | | |
Red Hat Ceph Storage 2 | python-django | Out of support scope | | |
Red Hat Ceph Storage 3 | python-django | Out of support scope | | |
Red Hat OpenStack Platform 10 (Newton) | python-django | Out of support scope | | |
Red Hat OpenStack Platform 13 (Queens) | python-django | Out of support scope | | |
Red Hat OpenStack Platform 16.1 | python-django20 | Not affected | | |
Red Hat OpenStack Platform 16.2 | python-django20 | Not affected | | |
Additional information
Status:
5.3 Medium
CVSS3
Related vulnerabilities
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...
Potential bypass of an upstream access control based on URL paths in Django
ELSA-2022-9341: ol-automation-manager security update (IMPORTANT)
5.3 Medium
CVSS3