Skip to content

Potential bypass of an upstream access control based on URL paths in Django

High severity GitHub Reviewed Published Dec 9, 2021 to the GitHub Advisory Database • Updated Sep 20, 2024

Package

pip Django (pip)

Affected versions

>= 2.2a1, < 2.2.25
>= 3.0a1, < 3.1.14
>= 3.2a1, < 3.2.10

Patched versions

2.2.25
3.1.14
3.2.10
Published by the National Vulnerability Database Dec 8, 2021
Reviewed Dec 9, 2021
Published to the GitHub Advisory Database Dec 9, 2021
Last updated Sep 20, 2024

Severity

High

EPSS score

0.184%
(56th percentile)

Weaknesses

CVE ID

CVE-2021-44420

GHSA ID

GHSA-v6rh-hp5x-86rv

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.