mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-10 20:59:12 +00:00
Code Issues 32 Releases Wiki Activity

[2.2.x] Added CVE-2021-33203 and CVE-2021-33571 to security archive.

Browse Source 
Backport of a39f235ca4cb7370dba3a3dedeaab0106d27792f from main
This commit is contained in:
Carlton Gibson 2021-06-02 11:15:54 +02:00
parent 48bde7cab4
commit 3e7bb564be
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docs/releases/security.txt
View File

@ -1203,3 +1203,30 @@ Versions affected
* Django 3.2 :commit:`(patch) <2d2c1d0c97832860fbd6597977e2aae17dd7e5b2>` * Django 3.2 :commit:`(patch) <2d2c1d0c97832860fbd6597977e2aae17dd7e5b2>`
* Django 3.1 :commit:`(patch) <afb23f5929944a407e4990edef1c7806a94c9879>` * Django 3.1 :commit:`(patch) <afb23f5929944a407e4990edef1c7806a94c9879>`
* Django 2.2 :commit:`(patch) <d9594c4ea57b6309d93879805302cec9ae9f23ff>` * Django 2.2 :commit:`(patch) <d9594c4ea57b6309d93879805302cec9ae9f23ff>`
June 2, 2021 - :cve:`2021-33203`
-------------------------------
Potential directory traversal via ``admindocs``. `Full description
<https://www.djangoproject.com/weblog/2021/jun/02/security-releases/>`__
Versions affected
~~~~~~~~~~~~~~~~~
* Django 3.2 :commit:`(patch) <dfaba12cda060b8b292ae1d271b44bf810b1c5b9>`
* Django 3.1 :commit:`(patch) <20c67a0693c4ede2b09af02574823485e82e4c8f>`
* Django 2.2 :commit:`(patch) <053cc9534d174dc89daba36724ed2dcb36755b90>`
June 2, 2021 - :cve:`2021-33571`
-------------------------------
Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted
leading zeros in IPv4 addresses. `Full description
<https://www.djangoproject.com/weblog/2021/jun/02/security-releases/>`__
Versions affected
~~~~~~~~~~~~~~~~~
* Django 3.2 :commit:`(patch) <9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d>`
* Django 3.1 :commit:`(patch) <203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e>`
* Django 2.2 :commit:`(patch) <f27c38ab5d90f68c9dd60cabef248a570c0be8fc>`