CVE-2021-33571 log

Severity Medium
Remote Yes
Type Insufficient validation
A security issue has been found in Django before version 3.2.4. URLValidator, validate_ipv4_address(), and validate_ipv46_address() didn't prohibit leading zeros in octal literals. If you used such values you could suffer from indeterminate SSRF, RFI, and LFI attacks. validate_ipv4_address() and validate_ipv46_address() validators were not affected on Python 3.9.5+.
Group Package Affected Fixed Severity Status Ticket
AVG-2026 python-django 3.2.3-2 3.2.4-1 Medium Fixed
Date Advisory Group Package Severity Type
15 Jun 2021 ASA-202106-41 AVG-2026 python-django Medium multiple issues