Package details: pkg:alpm/archlinux/python-django@3.2.1-1
purl pkg:alpm/archlinux/python-django@3.2.1-1
Next non-vulnerable version 3.2.2-1
Latest non-vulnerable version 5.1.11-1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-p9fj-m9t4-aaas
Aliases: BIT-2021-32052, BIT-django-2021-32052, CVE-2021-32052, GHSA-qm57-vhq3-3fwf, PYSEC-2021-8
Summary: In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
Fixed by: 3.2.2-1 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-r32d-wxg1-aaap
Summary: In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Aliases: BIT-2021-31542, BIT-django-2021-31542, CVE-2021-31542, GHSA-rxjp-mfm9-w4wr, PYSEC-2021-7

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:47:04.272489+00:00 Arch Linux Importer Fixing VCID-r32d-wxg1-aaap https://security.archlinux.org/AVG-1910 36.0.0
2025-03-28T07:46:36.062270+00:00 Arch Linux Importer Affected by VCID-p9fj-m9t4-aaas https://security.archlinux.org/AVG-1924 36.0.0
2024-09-18T02:02:27.514801+00:00 Arch Linux Importer Fixing VCID-r32d-wxg1-aaap https://security.archlinux.org/AVG-1910 34.0.1
2024-09-18T02:01:55.545972+00:00 Arch Linux Importer Affected by VCID-p9fj-m9t4-aaas https://security.archlinux.org/AVG-1924 34.0.1
2024-01-03T22:28:28.472053+00:00 Arch Linux Importer Fixing VCID-r32d-wxg1-aaap https://security.archlinux.org/AVG-1910 34.0.0rc1
2024-01-03T22:27:59.656483+00:00 Arch Linux Importer Affected by VCID-p9fj-m9t4-aaas https://security.archlinux.org/AVG-1924 34.0.0rc1