diff options
| author | Florian Apolloner <florian@apolloner.eu> | 2021-11-29 11:52:03 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-12-07 06:56:06 +0100 |
| commit | 22bd17488159601bf0741b70ae7932bffea8eced (patch) | |
| tree | 4071770d041ca672e79cc9e87a33016b60703db9 /docs/releases | |
| parent | cfb780dafe29e2243d9b48d0783b729b315341bb (diff) | |
[3.1.x] Fixed #30530, CVE-2021-44420 -- Fixed potential bypass of an upstream access control based on URL paths.
Thanks Sjoerd Job Postmus and TengMA(@te3t123) for reports.
Backport of d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6 from main.
Diffstat (limited to 'docs/releases')
| -rw-r--r-- | docs/releases/2.2.25.txt | 6 | ||||
| -rw-r--r-- | docs/releases/3.1.14.txt | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/docs/releases/2.2.25.txt b/docs/releases/2.2.25.txt index e8e552d80e..1662451a30 100644 --- a/docs/releases/2.2.25.txt +++ b/docs/releases/2.2.25.txt @@ -6,4 +6,8 @@ Django 2.2.25 release notes Django 2.2.25 fixes a security issue with severity "low" in 2.2.24. -... +CVE-2021-44420: Potential bypass of an upstream access control based on URL paths +================================================================================= + +HTTP requests for URLs with trailing newlines could bypass an upstream access +control based on URL paths. diff --git a/docs/releases/3.1.14.txt b/docs/releases/3.1.14.txt index 45775c3ce6..fb6fef8884 100644 --- a/docs/releases/3.1.14.txt +++ b/docs/releases/3.1.14.txt @@ -6,4 +6,8 @@ Django 3.1.14 release notes Django 3.1.14 fixes a security issue with severity "low" in 3.1.13. -... +CVE-2021-44420: Potential bypass of an upstream access control based on URL paths +================================================================================= + +HTTP requests for URLs with trailing newlines could bypass an upstream access +control based on URL paths. |