CVE-2021-45116 — Improper Input Validation in Django

CWE-20 — Improper Input Validation CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer9 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 42.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django Fedoraproject Fedora

Timeline

PublishedJan 5

Latest updateJan 12

Description

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDdjangoproject/django2.2 — 2.2.26+2

▶PyPIdjangoproject/django2.2 — 2.2.26+2

Also affects: Fedora 35

Patches

Patch: docs.djangoproject.com ↗Patch: www.djangoproject.com ↗Patch: docs.djangoproject.com ↗

🔴Vulnerability Details

OSV

Information disclosure in Django↗2022-01-12

▶

GHSA

Information disclosure in Django↗2022-01-12

▶

OSV

CVE-2021-45116: An issue was discovered in Django 2↗2022-01-05

▶

OSV

python-django vulnerabilities↗2022-01-05

▶

CVEList

CVE-2021-45116: An issue was discovered in Django 2↗2022-01-04

▶

📋Vendor Advisories

Ubuntu

Django vulnerabilities↗2022-01-05

▶

Red Hat

django: Potential information disclosure in dictsort template filter↗2022-01-04

▶

Debian

CVE-2021-45116: python-django - An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 ...↗2021

▶