828490 – (CVE-2021-44420) <dev-python/django-{3.2.10,3.1.14,2.2.25}: Potential bypass of an upstream access control based on URL paths

Bug 828490 (CVE-2021-44420) - <dev-python/django-{3.2.10,3.1.14,2.2.25}: Potential bypass of an upstream access control based on URL paths

Summary: <dev-python/django-{3.2.10,3.1.14,2.2.25}: Potential bypass of an upstream ac...

Status:	CONFIRMED

Alias:	CVE-2021-44420

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [glsa?]
Keywords:

Duplicates (1):	828025 (view as bug list)
Depends on:	828499 828500 828501
Blocks:
	Show dependency tree

Reported:	2021-12-07 07:52 UTC by Michał Górny
Modified:	2024-02-19 06:27 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2021-12-07 07:52:02 UTC

+CVE-2021-44420: Potential bypass of an upstream access control based on URL paths
+=================================================================================
+
+HTTP requests for URLs with trailing newlines could bypass an upstream access
+control based on URL paths.

Comment 1 Sam James archtester

2021-12-07 07:53:50 UTC

*** Bug 828025 has been marked as a duplicate of this bug. ***

Comment 2 John Helmert III archtester

2021-12-07 17:47:39 UTC

Please cleanup.

Comment 3 Michał Górny archtester

2021-12-07 20:10:36 UTC

Cleanup done.