CVE-2021-45116 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-45116 Interim 1 11 2025-02-17T00:23:02Z current 2022-01-19T02:16:16Z 2025-02-17T00:23:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-45116 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2022-January/010010.html E-Mail link for SUSE-SU-2022:0102-1 https://lists.suse.com/pipermail/sle-security-updates/2022-January/010016.html E-Mail link for SUSE-SU-2022:0103-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UHF5IZKTZ2T4T4QQYZMUFHW422X3WCU6/ E-Mail link for openSUSE-SU-2023:0005-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 SUSE Package Hub 15 SP3 openSUSE Leap 15.3 python-Django-1.11.29-3.33.1 python-Django1-1.11.29-3.30.1 python3-Django-2.2.28-bp153.2.3.1 python-Django-1.11.29-3.33.1 as a component of HPE Helion OpenStack 8 python-Django-1.11.29-3.33.1 as a component of SUSE OpenStack Cloud 8 python-Django1-1.11.29-3.30.1 as a component of SUSE OpenStack Cloud 9 python-Django-1.11.29-3.33.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-Django1-1.11.29-3.30.1 as a component of SUSE OpenStack Cloud Crowbar 9 python3-Django-2.2.28-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 python3-Django-2.2.28-bp153.2.3.1 as a component of openSUSE Leap 15.3 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. CVE-2021-45116 HPE Helion OpenStack 8:python-Django-1.11.29-3.33.1 SUSE OpenStack Cloud 8:python-Django-1.11.29-3.33.1 SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.30.1 SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.33.1 SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.30.1 SUSE Package Hub 15 SP3:python3-Django-2.2.28-bp153.2.3.1 openSUSE Leap 15.3:python3-Django-2.2.28-bp153.2.3.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N