Vulnerability in Djangoproject Django
CVE-2021-23336
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using…
Vulnerability class: HTTP Request Smuggling
EPSS: 0.373 (98.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H.
Affected products
- Djangoproject Django
- Netapp Cloud_backup
- Netapp Inventory_collect_tool
- Netapp Ontap_select_deploy_administration_utility
- Netapp Snapcenter
- Oracle Communications_offline_mediation_controller — versions 12.0.0.3.0
- Oracle Communications_pricing_design_center — versions 12.0.0.3.0
- Oracle Enterprise_manager_ops_center — versions 12.4.0.0
- Oracle Zfs_storage_appliance — versions 8.8
- Python
Weakness classification (CWE)
Public proof-of-concept exploits
References
- report@snyk.io (Exploit, Third Party Advisory)
- report@snyk.io (Patch, Third Party Advisory)
- report@snyk.io (Technical Description, Third Party Advisory)
- report@snyk.io (mailing-list, Patch, Mailing List, Third Party Advisory)
- report@snyk.io (mailing-list, Mailing List, Third Party Advisory)
- report@snyk.io (vendor-advisory)
- report@snyk.io (vendor-advisory)
- report@snyk.io (vendor-advisory)
- report@snyk.io (vendor-advisory)
- report@snyk.io (mailing-list)
Frequently asked questions
- What is CVE-2021-23336?
- CVE-2021-23336 is a medium-severity vulnerability in Djangoproject Django, classified under Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling). CVSS score: 5.9/10. Published 2021-02-15.
- How severe is CVE-2021-23336?
- Medium severity. CVSS v3 base score is 5.9 out of 10.
- Is CVE-2021-23336 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.