In Django 2.2 prior to 2.2.25, 3.1 prior to 3.1.14, and 3.2 prior to 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django |
||
redhat satellite 6.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 21.04 |
||
canonical ubuntu linux 21.10 |
||
fedoraproject fedora 35 |