CVE-2021-32052
Ubuntu Security Notice USN-5373-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
En Django 2.2 versiones anteriores a 2.2.22, 3.1 versiones anteriores a 3.1.10 y 3.2 versiones anteriores a 3.2.2 (con Python 3.9.5+), URLValidator no prohíbe nuevas líneas y pestañas (a menos que sea usado el campo URLField form). Si una aplicación usa valores con nuevas líneas en una respuesta HTTP, puede ocurrir una inyección de encabezado. Django en sí no está afectado porque HttpResponse prohíbe las nuevas líneas en los encabezados HTTP
It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly use this issue to determine the existence of arbitrary files and in certain configurations obtain their contents. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-05 CVE Reserved
- 2021-05-06 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://groups.google.com/forum/#%21forum/django-announce | X_refsource_misc | |
| https://security.netapp.com/advisory/ntap-20210611-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/05/06/1 | 2023-11-07 | |
| https://docs.djangoproject.com/en/3.2/releases/security | 2023-11-07 | |
| https://www.djangoproject.com/weblog/2021/may/06/security-releases | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 2.2 < 2.2.22 Search vendor "Djangoproject" for product "Django" and version " >= 2.2 < 2.2.22" | - |
Affected
| in | Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.9.5 Search vendor "Python" for product "Python" and version " >= 3.9.5" | - |
Safe
|
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 3.1 < 3.1.10 Search vendor "Djangoproject" for product "Django" and version " >= 3.1 < 3.1.10" | - |
Affected
| in | Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.9.5 Search vendor "Python" for product "Python" and version " >= 3.9.5" | - |
Safe
|
| Djangoproject Search vendor "Djangoproject" | Django Search vendor "Djangoproject" for product "Django" | >= 3.2 < 3.2.2 Search vendor "Djangoproject" for product "Django" and version " >= 3.2 < 3.2.2" | - |
Affected
| in | Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | >= 3.9.5 Search vendor "Python" for product "Python" and version " >= 3.9.5" | - |
Safe
|
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||