Search for packages
| purl | pkg:pypi/django@3.1.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-p9fj-m9t4-aaas
Aliases: BIT-2021-32052 BIT-django-2021-32052 CVE-2021-32052 GHSA-qm57-vhq3-3fwf PYSEC-2021-8 |
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. |
Affected by 8 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 24 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-01-17T02:38:49.319537+00:00 | GHSA Importer | Affected by | VCID-p9fj-m9t4-aaas | None | 35.1.0 |
| 2024-09-17T22:16:01.344497+00:00 | GHSA Importer | Affected by | VCID-p9fj-m9t4-aaas | https://github.com/advisories/GHSA-qm57-vhq3-3fwf | 34.0.1 |
| 2024-01-03T17:45:57.461477+00:00 | GHSA Importer | Affected by | VCID-p9fj-m9t4-aaas | https://github.com/advisories/GHSA-qm57-vhq3-3fwf | 34.0.0rc1 |