Description
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
Release | Status | Note |
---|---|---|
bionic | not-affected | code not present |
devel | released | 2:3.2.11-1 |
esm-infra-legacy/trusty | not-affected | code not present |
esm-infra/bionic | not-affected | code not present |
esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.8 |
esm-infra/xenial | not-affected | code not present |
focal | released | 2:2.2.12-1ubuntu0.8 |
hirsute | released | 2:2.2.20-1ubuntu0.3 |
impish | released | 2:2.2.24-1ubuntu1.1 |
jammy | released | 2:3.2.11-1 |
EPSS
CVSS2: 7.5 High
CVSS3: 7.3 High
Related vulnerabilities
Potential bypass of an upstream access control based on URL paths in Django
ELSA-2022-9341: ol-automation-manager security update (IMPORTANT)