Django is vulnerable to authorization bypass. The vulnerability exists because an insecure regex is used to match path names, allowing an attacker to bypass upstream access control based on URL paths through the match function in resolvers.py.
docs.djangoproject.com/en/3.2/releases/security/
github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7
groups.google.com/forum/#!forum/django-announce
lists.fedoraproject.org/archives/list/[email protected]/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
security.netapp.com/advisory/ntap-20211229-0006/
www.djangoproject.com/weblog/2021/dec/07/security-releases/
www.openwall.com/lists/oss-security/2021/12/07/1
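
The mismatch described above comes down to how a regex end anchor is read: in Python, `$` also matches just before a trailing newline, while `\Z` matches only at the true end of the string. The following is an added example for checking your own URL patterns, not Django's code and not taken from the advisory; the patterns, sample paths and the exact-match upstream rule are constructed assumptions.

```python
import re

# Constructed route regexes (not Django's source). "$" also matches just
# before a trailing "\n"; "\Z" matches only at the true end of the string.
LOOSE = re.compile(r"^admin/$")
STRICT = re.compile(r"^admin/\Z")

# Constructed sample request paths.
SAMPLE_PATHS = ["/admin/", "/admin/\n", "/admin/x", "/other/"]


def upstream_denies(path, blocked=("/admin/",)):
    """Hypothetical upstream rule: deny when the path equals a blocked path."""
    return path in blocked


def app_routes(path, pattern):
    """Resolver-style match: drop the leading slash, then search the regex."""
    return pattern.search(path.lstrip("/")) is not None


def disagreements(paths, pattern):
    """Paths the upstream lets through that the application still routes
    to the protected view. A non-empty result means the two layers do not
    agree on what the protected path is."""
    return [p for p in paths
            if not upstream_denies(p) and app_routes(p, pattern)]


def end_anchor_is_loose(regex_source):
    """Audit helper: True when a pattern ends in an unescaped '$'."""
    if not regex_source.endswith("$"):
        return False
    body = regex_source[:-1]
    # An odd number of trailing backslashes means the '$' is a literal.
    backslashes = len(body) - len(body.rstrip("\\"))
    return backslashes % 2 == 0


if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("strict", STRICT)):
        print(name, "loose anchor:", end_anchor_is_loose(pat.pattern),
              "disagreements:", disagreements(SAMPLE_PATHS, pat))
```

Running `end_anchor_is_loose` over the regex sources of a project's own URL patterns gives a quick inventory of routes worth re-anchoring or covering with upstream path normalization.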