{"api_version":"1","generated_at":"2026-04-22T21:38:31+00:00","cve":"CVE-2021-45116","urls":{"html":"https://cve.report/CVE-2021-45116","api":"https://cve.report/api/cve/CVE-2021-45116.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-45116","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-45116"},"summary":{"title":"CVE-2021-45116","description":"An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-01-05 00:15:00","updated_at":"2023-11-07 03:39:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/","name":"FEDORA-2022-e7fd530688","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 35 Update: python-django-3.2.12-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://groups.google.com/forum/#%21forum/django-announce","name":"https://groups.google.com/forum/#%21forum/django-announce","refsource":"","tags":[],"title":"Redirecting to Google Groups","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://groups.google.com/forum/#!forum/django-announce","name":"https://groups.google.com/forum/#!forum/django-announce","refsource":"MISC","tags":[],"title":"Redirecting to Google Groups","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.djangoproject.com/en/4.0/releases/security/","name":"https://docs.djangoproject.com/en/4.0/releases/security/","refsource":"MISC","tags":[],"title":"Archive of security issues | Django documentation | Django","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/","name":"FEDORA-2022-e7fd530688","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: python-django-3.2.12-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20220121-0005/","name":"https://security.netapp.com/advisory/ntap-20220121-0005/","refsource":"CONFIRM","tags":[],"title":"January 2022 Django Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","name":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","refsource":"CONFIRM","tags":[],"title":"Django security releases issued: 4.0.1, 3.2.11, and 2.2.26 | Weblog | Django","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-45116","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45116","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"45116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"djangoproject","cpe5":"django","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45116","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-45116","qid":"180236","title":"Debian Security Update for python-django (CVE-2021-45116)"},{"cve":"CVE-2021-45116","qid":"198614","title":"Ubuntu Security Notification for Django Vulnerabilities (USN-5204-1)"},{"cve":"CVE-2021-45116","qid":"240566","title":"Red Hat Update for Satellite 6.11 Release (RHSA-2022:5498)"},{"cve":"CVE-2021-45116","qid":"282363","title":"Fedora Security Update for python (FEDORA-2022-e7fd530688)"},{"cve":"CVE-2021-45116","qid":"296062","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 43.113.3 Missing (CPUJAN2022)"},{"cve":"CVE-2021-45116","qid":"502340","title":"Alpine Linux Security Update for py3-django"},{"cve":"CVE-2021-45116","qid":"690765","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for django (d3e023fb-6e88-11ec-b948-080027240888)"},{"cve":"CVE-2021-45116","qid":"960505","title":"Rocky Linux Security Update for Satellite (RLSA-2022:5498)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-45116","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://groups.google.com/forum/#!forum/django-announce","refsource":"MISC","name":"https://groups.google.com/forum/#!forum/django-announce"},{"url":"https://docs.djangoproject.com/en/4.0/releases/security/","refsource":"MISC","name":"https://docs.djangoproject.com/en/4.0/releases/security/"},{"refsource":"CONFIRM","name":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/","url":"https://www.djangoproject.com/weblog/2022/jan/04/security-releases/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220121-0005/","url":"https://security.netapp.com/advisory/ntap-20220121-0005/"},{"refsource":"FEDORA","name":"FEDORA-2022-e7fd530688","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/"}]}},"nvd":{"publishedDate":"2022-01-05 00:15:00","lastModifiedDate":"2023-11-07 03:39:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2","versionEndExcluding":"2.2.26","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"3.2.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.0.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"45116","Ordinal":"223131","Title":"CVE-2021-45116","CVE":"CVE-2021-45116","Year":"2021"},"notes":[]}}}