Description

An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.

Remediation

References

CVE-2021-45116

Related Vulnerabilities

MySQL CVE-2014-2436 Vulnerability (CVE-2014-2436)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31545)

WordPress Plugin Profile Builder-User Profile & User Registration Forms Multiple Unspecified Vulnerabilities (2.5.7)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.34)

Liferay Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-11444)

Severity

High

Classification

CVE-2021-45116 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities