exploitDog

CVE-2021-33571

Published: 08 Jun 2021
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 5
CVSS3: 7.5

Description

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+.)

| Release | Status | Note |
| --- | --- | --- |
| bionic | not-affected | 1:1.11.11-1ubuntu1.13 |
| devel | released | 2:2.2.24-1 |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.13 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.7 |
| esm-infra/xenial | not-affected | |
| focal | released | 2:2.2.12-1ubuntu0.7 |
| groovy | released | 2:2.2.16-1ubuntu0.5 |
| hirsute | released | 2:2.2.20-1ubuntu0.2 |
| impish | released | 2:2.2.24-1 |

EPSS

Percentile: 2%
0.00014
Low

5 Medium

CVSS2

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
redhat
about 4 years ago

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+.)

CVSS3: 7.5
nvd
about 4 years ago

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+.)

CVSS3: 7.5
debian
about 4 years ago

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...

CVSS3: 7.5
github
about 4 years ago

Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks

CVSS3: 7.5
fstec
about 4 years ago

Vulnerability in the URLValidator, validate_ipv4_address, and validate_ipv46_address functions of the Django web application framework, related to insufficient validation of incoming requests, allowing an attacker to affect data integrity
