CVE-2021-33571

Source
Severity: Medium
Remote: Yes
Type: Insufficient validation
Description
A security issue has been found in Django before version 3.2.4. URLValidator, validate_ipv4_address(), and validate_ipv46_address() didn't prohibit leading zeros in octal literals. Applications that used such values could be exposed to indeterminate SSRF, RFI, and LFI attacks. The validate_ipv4_address() and validate_ipv46_address() validators were not affected on Python 3.9.5+.
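An added example, not code from Django or from this advisory: a strict dotted-quad check that rejects leading zeros, next to a helper that shows why such input is indeterminate, since one parser may read 010 as decimal 10 while another reads it as octal 8. The function names and sample addresses are constructed for illustration, and this is not the upstream patch.

```python
def strict_ipv4(value):
    """True only for a dotted quad whose octets have no leading zeros."""
    parts = value.split(".")
    if len(parts) != 4:
        return False
    for part in parts:
        # ASCII digits only, at most three characters per octet.
        if not (part.isascii() and part.isdigit()) or len(part) > 3:
            return False
        # "0" is fine; "00", "01", "010" are rejected as ambiguous.
        if len(part) > 1 and part[0] == "0":
            return False
        if int(part) > 255:
            return False
    return True


def _read(parts, octal_aware):
    """Normalise octets under one reading; None if that reading is invalid."""
    out = []
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            return None
        leading_zero = len(part) > 1 and part[0] == "0"
        try:
            number = int(part, 8 if (octal_aware and leading_zero) else 10)
        except ValueError:  # e.g. "08" is not a valid octal literal
            return None
        if number > 255:
            return None
        out.append(str(number))
    return ".".join(out) if len(out) == 4 else None


def interpretations(value):
    """Return (decimal reading, octal-aware reading) of the same string."""
    parts = value.split(".")
    return _read(parts, False), _read(parts, True)


def is_ambiguous(value):
    """True when the two readings disagree, i.e. the address is indeterminate."""
    decimal, octal = interpretations(value)
    return decimal != octal


if __name__ == "__main__":
    for sample in ["10.0.0.1", "010.0.0.1", "08.0.0.1"]:  # constructed samples
        print(sample, strict_ipv4(sample), interpretations(sample))
```

A validator that accepts any string for which `is_ambiguous` is true can approve one address while a downstream component connects to another, which is the gap that rejecting leading zeros closes.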
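| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2026 | python-django | 3.2.3-2 | 3.2.4-1 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 15 Jun 2021 | ASA-202106-41 | AVG-2026 | python-django | Medium | multiple issues |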
References
https://www.djangoproject.com/weblog/2021/jun/02/security-releases/#s-cve-2021-33571-possible-indeterminate-ssrf-rfi-and-lfi-attacks-since-validators-accepted-leading-zeros-in-ipv4-addresses
https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d