Bug 828490 (CVE-2021-44420)

Summary: <dev-python/django-{3.2.10,3.1.14,2.2.25}: Potential bypass of an upstream access control based on URL paths
Product: Gentoo Security
Reporter: Michał Górny <mgorny>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: minor
CC: ajak, python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 828499, 828500, 828501    
Bug Blocks:    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-12-07 07:52:02 UTC
+CVE-2021-44420: Potential bypass of an upstream access control based on URL paths
+=================================================================================
+
+HTTP requests for URLs with trailing newlines could bypass an upstream access
+control based on URL paths.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-12-07 07:53:50 UTC
*** Bug 828025 has been marked as a duplicate of this bug. ***
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-07 17:47:39 UTC
Please clean up.
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-12-07 20:10:36 UTC
Cleanup done.