Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-45116

Опубликовано: 04 янв. 2022
Источник: redhat
CVSS3: 5.9

Описание

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

An information-disclosure flaw was found in Django, where the dictsort filter in Django's Template Language did not correctly validate user input. A network attacker could exploit this flaw using a suitably crafted key to force information disclosure or unintended method calls.

Отчет

In Red Hat OpenStack Platform, because the flaw's impact is lower and the impacted functionality is not directly used, no update will be provided at this time for the python-django20 package.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2python-djangoAffected
Red Hat Ansible Automation Platform 2python-djangoAffected
Red Hat Ansible Tower 3djangoAffected
Red Hat Ceph Storage 2calamari-serverOut of support scope
Red Hat Ceph Storage 2python-djangoOut of support scope
Red Hat Ceph Storage 3python-djangoOut of support scope
Red Hat OpenStack Platform 13 (Queens)python-djangoOut of support scope
Red Hat OpenStack Platform 16.1python-django20Will not fix
Red Hat OpenStack Platform 16.2python-django20Will not fix
Red Hat Satellite 6python3-djangoAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-212
https://bugzilla.redhat.com/show_bug.cgi?id=2037025django: Potential information disclosure in dictsort template filter

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-45116

CVSS3: 7.5
ubuntu
больше 3 лет назад

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

nvd логотип

CVE-2021-45116

CVSS3: 7.5
nvd
больше 3 лет назад

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

debian логотип

CVE-2021-45116

CVSS3: 7.5
debian
больше 3 лет назад

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...

github логотип

GHSA-8c5j-9r9f-c6w8

CVSS3: 7.5
github
больше 3 лет назад

Information disclosure in Django

fstec логотип

BDU:2022-00354

CVSS3: 4.3
fstec
больше 3 лет назад

Уязвимость шаблона dictsort фреймворка для веб-приложений Django, позволяющая нарушителю получить доступ к конфиденциальной информации

5.9 Medium

CVSS3