Djangoproject: >> Django >> 3.1.12 Security Vulnerabilities
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
CVSS Score
7.3
EPSS Score
0.001
Published
2021-12-08
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVSS Score
9.8
EPSS Score
0.07
Published
2021-07-02