CVE-2021-45116

Exposure of Resource to Wrong Sphere in pypi/Django

Identifiers

CVE-2021-45116

Package Slug

pypi/Django

Vulnerability

Exposure of Resource to Wrong Sphere

Description

An issue was discovered in Django. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

Affected Versions

All versions starting from 2.2 before 2.2.26, all versions starting from 3.2 before 3.2.11, all versions starting from 4.0 before 4.0.1

Solution

Upgrade to versions 2.2.26, 3.2.11, 4.0.1 or above.
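
A way to check pinned Django versions against the affected ranges listed above, as an added example that is not part of the original advisory or of Django's own code. The helper names and the sample requirements text are constructed for illustration; only exact `==` pins are read, and any pre-release suffix is ignored (an assumption).

```python
import re

# Affected ranges from this advisory, as (first affected, first fixed) per series.
AFFECTED = [
    ((2, 2, 0), (2, 2, 26)),
    ((3, 2, 0), (3, 2, 11)),
    ((4, 0, 0), (4, 0, 1)),
]

# Matches "Django==X.Y.Z" and "Django[extra]==X.Y.Z", but not "django-extensions".
PIN = re.compile(r"^\s*django(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)", re.IGNORECASE)


def release_tuple(version):
    """Numeric release segment padded to three parts, e.g. '3.2' -> (3, 2, 0)."""
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def fixed_in(version):
    """Return the fixed release for an affected version, or None if not listed."""
    current = release_tuple(version)
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= current < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def scan_requirements(text):
    """Return (line number, pinned version, fixed release) for affected Django pins."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = PIN.match(line)
        if match and fixed_in(match.group(1)):
            findings.append((number, match.group(1), fixed_in(match.group(1))))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = "\n".join([
    "# constructed sample requirements file",
    "requests==2.26.0",
    "Django[argon2]==3.2.10",
    "django-extensions==3.1.5",
])

if __name__ == "__main__":
    for number, pinned, fixed in scan_requirements(SAMPLE):
        print(f"line {number}: Django {pinned} is affected, upgrade to {fixed} or above")
```

Versions outside the three listed series return `None` because the advisory gives no range for them, not because they are known to be unaffected.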

Last Modified

2022-01-13
