In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low severity, according to the Django security policy.
docs.djangoproject.com/en/3.2/releases/security
github.com/django/django
github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6
groups.google.com/forum/#!forum/django-announce
lists.fedoraproject.org/archives/list/[email protected]/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV
nvd.nist.gov/vuln/detail/CVE-2021-44420
security.netapp.com/advisory/ntap-20211229-0006
www.djangoproject.com/weblog/2021/dec/07/security-releases
www.openwall.com/lists/oss-security/2021/12/07/1