CVE Daily

CVE-2021-45116

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 ...

High CVSS 7.5

Overview

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

CWE: CWE-20 Published: 2022-01-05T00:15:07.953
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags