Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:alpm/archlinux/python-django@3.2.3-2
purl pkg:alpm/archlinux/python-django@3.2.3-2
Next non-vulnerable version 3.2.5-1
Latest non-vulnerable version 5.1.11-1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-c8s7-3g9m-d3cw
Aliases:
BIT-django-2021-33571
CVE-2021-33571
GHSA-p99v-5w3c-jqq9
PYSEC-2021-99
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .
3.2.4-1
Affected by 1 other vulnerability.
VCID-qm34-ec8s-tfd7
Aliases:
BIT-django-2021-33203
CVE-2021-33203
GHSA-68w8-qjq3-2gfm
PYSEC-2021-98
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.
3.2.4-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T18:26:43.694343+00:00 Arch Linux Importer Affected by VCID-qm34-ec8s-tfd7 https://security.archlinux.org/AVG-2026 38.0.0
2026-04-01T18:26:43.671973+00:00 Arch Linux Importer Affected by VCID-c8s7-3g9m-d3cw https://security.archlinux.org/AVG-2026 38.0.0