django is vulnerable to HTTP response header injection. The vulnerability exists when the library does not prevent the use of malicious characters such as newlines and tabs in URL when it is used with Python 3.9.5+.
www.openwall.com/lists/oss-security/2021/05/06/1
django.readthedocs.io/en/latest/releases/security.html#may-6-2021-cve-2021-32052
docs.djangoproject.com/en/3.2/releases/security/
groups.google.com/forum/#!forum/django-announce
lists.fedoraproject.org/archives/list/[email protected]/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
security.netapp.com/advisory/ntap-20210611-0002/
www.djangoproject.com/weblog/2021/may/06/security-releases
www.djangoproject.com/weblog/2021/may/06/security-releases/