VYPR
High severityNVD Advisory· Published Jun 8, 2021· Updated Aug 3, 2024

CVE-2021-33571

CVE-2021-33571

Description

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 2.2a1, < 2.2.242.2.24
DjangoPyPI
>= 3.0a1, < 3.1.123.1.12
DjangoPyPI
>= 3.2a1, < 3.2.43.2.4

Affected products

169

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.