mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.

Browse Source 
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.
This commit is contained in:
Florian Apolloner
2021-11-29 11:52:03 +01:00
committed by Mariusz Felisiak
parent 628b6a6869
commit d4dcd5b9dd
5 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/releases/3.1.14.txt
View File

@@ -6,4 +6,8 @@ Django 3.1.14 release notes
Django 3.1.14 fixes a security issue with severity "low" in 3.1.13.
...
CVE-2021-44420: Potential bypass of an upstream access control based on URL paths
=================================================================================
HTTP requests for URLs with trailing newlines could bypass an upstream access
control based on URL paths.