GitHub Advisory DatabaseGHSA-QM57-VHQ3-3FWFHeader injection possible in Django
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
53.5%
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
Affected configurations
References
www.openwall.com/lists/oss-security/2021/05/06/1
bugzilla.redhat.com/show_bug.cgi?id=1944801
docs.djangoproject.com/en/3.2/releases/security
github.com/advisories/GHSA-qm57-vhq3-3fwf
github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f
github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml
groups.google.com/forum/#!forum/django-announce
lists.fedoraproject.org/archives/list/[email protected]/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE
nvd.nist.gov/vuln/detail/CVE-2021-32052
security.netapp.com/advisory/ntap-20210611-0002
www.djangoproject.com/weblog/2021/may/06/security-releases
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
53.5%