Test ID:	1.3.6.1.4.1.25623.1.0.145923
Category:	Web application abuses
Title:	Django 2.2 < 2.2.22, 3.1 < 3.1.10, 3.2 < 3.2.2 Header Injection Vulnerability - Windows
Summary:	Django is prone to a header injection vulnerability.
Description:	Summary: Django is prone to a header injection vulnerability. Vulnerability Insight: On Python 3.9.5+, URLValidator didn't prohibit newlines and tabs. If you used values with newlines in HTTP response, you could suffer from header injection attacks. Django itself wasn't vulnerable because HttpResponse prohibits newlines in HTTP headers. Moreover, the URLField form field which uses URLValidator silently removes newlines and tabs on Python 3.9.5+, so the possibility of newlines entering your data only existed if you are using this validator outside of the form fields. Affected Software/OS: Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 Solution: Update to version 2.2.22, 3.1.10, 3.2.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-32052 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/ http://www.openwall.com/lists/oss-security/2021/05/06/1 https://docs.djangoproject.com/en/3.2/releases/security/ https://groups.google.com/forum/#!forum/django-announce https://www.djangoproject.com/weblog/2021/may/06/security-releases/
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.