Vulnerability Details CVE-2021-45116
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2021-45116
- cpe:2.3:a:djangoproject:django:2.2
- cpe:2.3:a:djangoproject:django:2.2.1
- cpe:2.3:a:djangoproject:django:2.2.10
- cpe:2.3:a:djangoproject:django:2.2.11
- cpe:2.3:a:djangoproject:django:2.2.13
- cpe:2.3:a:djangoproject:django:2.2.14
- cpe:2.3:a:djangoproject:django:2.2.15
- cpe:2.3:a:djangoproject:django:2.2.16
- cpe:2.3:a:djangoproject:django:2.2.17
- cpe:2.3:a:djangoproject:django:2.2.18
- cpe:2.3:a:djangoproject:django:2.2.19
- cpe:2.3:a:djangoproject:django:2.2.2
- cpe:2.3:a:djangoproject:django:2.2.20
- cpe:2.3:a:djangoproject:django:2.2.21
- cpe:2.3:a:djangoproject:django:2.2.22
- cpe:2.3:a:djangoproject:django:2.2.23
- cpe:2.3:a:djangoproject:django:2.2.24
- cpe:2.3:a:djangoproject:django:2.2.25
- cpe:2.3:a:djangoproject:django:2.2.3
- cpe:2.3:a:djangoproject:django:2.2.4
- cpe:2.3:a:djangoproject:django:2.2.5
- cpe:2.3:a:djangoproject:django:2.2.6
- cpe:2.3:a:djangoproject:django:2.2.7
- cpe:2.3:a:djangoproject:django:2.2.8
- cpe:2.3:a:djangoproject:django:2.2.9
- cpe:2.3:a:djangoproject:django:3.2
- cpe:2.3:a:djangoproject:django:3.2.1
- cpe:2.3:a:djangoproject:django:3.2.10
- cpe:2.3:a:djangoproject:django:3.2.2
- cpe:2.3:a:djangoproject:django:3.2.3
- cpe:2.3:a:djangoproject:django:3.2.4
- cpe:2.3:a:djangoproject:django:3.2.5
- cpe:2.3:a:djangoproject:django:3.2.6
- cpe:2.3:a:djangoproject:django:3.2.7
- cpe:2.3:a:djangoproject:django:3.2.8
- cpe:2.3:a:djangoproject:django:3.2.9
- cpe:2.3:a:djangoproject:django:4.0
- cpe:2.3:o:fedoraproject:fedora:35