Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/python-django@3.2.2-1

Type alpm

Namespace archlinux

Name python-django

Version 3.2.2-1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.2.5-1

Latest_non_vulnerable_version 5.1.11-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-v4ad-xxy8-wfc9

vulnerability_id VCID-v4ad-xxy8-wfc9

summary In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32052.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32052.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32052

reference_id

reference_type

scores

value	0.02571
scoring_system	epss
scoring_elements	0.85569
published_at	2026-04-21T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85473
published_at	2026-04-01T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85573
published_at	2026-04-18T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85568
published_at	2026-04-16T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85544
published_at	2026-04-13T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85548
published_at	2026-04-12T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.8555
published_at	2026-04-11T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85535
published_at	2026-04-09T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85526
published_at	2026-04-08T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85506
published_at	2026-04-07T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85502
published_at	2026-04-04T12:55:00Z

value	0.02571
scoring_system	epss
scoring_elements	0.85486
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32052

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1944801

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1944801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32052

reference_url

https://docs.djangoproject.com/en/3.2/releases/security

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.djangoproject.com/en/3.2/releases/security

reference_url	https://docs.djangoproject.com/en/3.2/releases/security/
reference_id
reference_type
scores
url	https://docs.djangoproject.com/en/3.2/releases/security/

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-qm57-vhq3-3fwf

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-qm57-vhq3-3fwf

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml

reference_url

https://groups.google.com/forum/#!forum/django-announce

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!forum/django-announce

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-32052

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-32052

reference_url

https://security.netapp.com/advisory/ntap-20210611-0002

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210611-0002

reference_url

https://www.djangoproject.com/weblog/2021/may/06/security-releases

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.djangoproject.com/weblog/2021/may/06/security-releases

reference_url	https://www.djangoproject.com/weblog/2021/may/06/security-releases/
reference_id
reference_type
scores
url	https://www.djangoproject.com/weblog/2021/may/06/security-releases/

reference_url

http://www.openwall.com/lists/oss-security/2021/05/06/1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/05/06/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1957455
reference_id	1957455
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1957455

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136
reference_id	988136
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988136

reference_url

https://security.archlinux.org/AVG-1924

reference_id

AVG-1924

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1924

reference_url	https://security.gentoo.org/glsa/202509-03
reference_id	GLSA-202509-03
reference_type
scores
url	https://security.gentoo.org/glsa/202509-03

reference_url	https://usn.ubuntu.com/4975-1/
reference_id	USN-4975-1
reference_type
scores
url	https://usn.ubuntu.com/4975-1/

reference_url	https://usn.ubuntu.com/5373-1/
reference_id	USN-5373-1
reference_type
scores
url	https://usn.ubuntu.com/5373-1/

reference_url	https://usn.ubuntu.com/5373-2/
reference_id	USN-5373-2
reference_type
scores
url	https://usn.ubuntu.com/5373-2/

fixed_packages

url	pkg:alpm/archlinux/python-django@3.2.2-1
purl	pkg:alpm/archlinux/python-django@3.2.2-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/python-django@3.2.2-1

aliases BIT-django-2021-32052, CVE-2021-32052, GHSA-qm57-vhq3-3fwf, PYSEC-2021-8

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4ad-xxy8-wfc9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/python-django@3.2.2-1

Package Instance