Page 3 of 30 results (0.023 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-33571 – django: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses

https://notcve.org/view.php?id=CVE-2021-33571

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . En Django versiones 2.2 anteriores a 2.2.24, versiones 3.x anteriores a 3.1.12 y versiones 3.2 anteriores a 3.2.4, las funciones URLValidator, validate_ipv4_address y validate_ipv46_address no prohíben los caracteres cero a la izquierda en los literales octales. Esto puede permitir una omisión del control de acceso basado en las direcciones IP. • https://docs.djangoproject.com/en/3.2/releases/security https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV https://security.netapp.com/advisory/ntap-20210727-0004 https:/ • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-32052

https://notcve.org/view.php?id=CVE-2021-32052

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. En Django 2.2 versiones anteriores a 2.2.22, 3.1 versiones anteriores a 3.1.10 y 3.2 versiones anteriores a 3.2.2 (con Python 3.9.5+), URLValidator no prohíbe nuevas líneas y pestañas (a menos que sea usado el campo URLField form). Si una aplicación usa valores con nuevas líneas en una respuesta HTTP, puede ocurrir una inyección de encabezado. • http://www.openwall.com/lists/oss-security/2021/05/06/1 https://docs.djangoproject.com/en/3.2/releases/security https://groups.google.com/forum/#%21forum/django-announce https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE https://security.netapp.com/advisory/ntap-20210611-0002 https://www.djangoproject.com/weblog/2021/may/06/security-releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-31542 – django: Potential directory-traversal via uploaded files

https://notcve.org/view.php?id=CVE-2021-31542

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. En Django versiones 2.2 anteriores a 2.2.21, versiones 3.1 anteriores a 3.1.9 y versiones 3.2 anteriores a 3.2.1, MultiPartParser, UploadedFile y FieldFile, permitían un salto de directorio por medio de archivos cargados con nombres de archivo cuidadosamente diseñados A flaw was found in Django. `MultiPartParser`, `UploadedFile`, and `FieldFile` allowed directory-traversal via uploaded files with suitably crafted file names. The highest threat from this vulnerability is to data confidentiality. • http://www.openwall.com/lists/oss-security/2021/05/04/3 https://docs.djangoproject.com/en/3.2/releases/security https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48 https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007 https://groups.google.com/forum/#%21forum/django-announce https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html https://lists.fedoraproject.org/archives/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-28658 – django: potential directory-traversal via uploaded files

https://notcve.org/view.php?id=CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. En Django versiones 2.2 anteriores a 2.2.20, versiones 3.0 anteriores a 3.0.14 y versiones 3.1 anteriores a 3.1.8, MultiPartParser permitía un salto de directorio por medio de archivos cargados con nombres de archivo adecuadamente diseñados. Los controladores de carga integrados no están afectados por esta vulnerabilidad A flaw was found in Django. This flaw allows an attacker to upload specially-named files and exploit a flaw in the `MultiPartParser()` function to traverse directories. • https://docs.djangoproject.com/en/3.1/releases/security https://groups.google.com/g/django-announce/c/ePr5j-ngdPU https://lists.debian.org/debian-lts-announce/2021/04/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE https://security.netapp.com/advisory/ntap-20210528-0001 https://www.djangoproject.com/weblog/2021/apr/06/security-releases https://access.redhat.com/security/cve/CVE-2021-28658 https://bugzilla. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 1

CVE-2021-23336 – Web Cache Poisoning

https://notcve.org/view.php?id=CVE-2021-23336

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. El paquete python/cpython desde versiones 0 y anteriores a 3.6.13, desde versiones 3.7.0 y anteriores a 3.7.10, desde versiones 3.8.0 y anteriores a 3.8.8, desde versiones 3.9.0 y anteriores a 3.9.2, son vulnerables al envenenamiento de caché web por medio de urllib.parse.parse_qsl y urllib.parse.parse_qs usando un vector llamado encubrimiento de parámetros. Cuando el atacante puede separar los parámetros de la consulta usando un punto y coma (;), pueden causar una diferencia en la interpretación de la petición entre el proxy (que se ejecuta con la configuración predeterminada) y el servidor. • http://www.openwall.com/lists/oss-security/2021/02/19/4 http://www.openwall.com/lists/oss-security/2021/05/01/2 https://github.com/python/cpython/pull/24297 https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https:/&#x • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •