[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-32052":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":49,"downstream":50,"duplicates":73,"related":74,"reserved_at":9,"published_at":81,"modified_at":82,"state":83,"summary":84,"references_raw":93,"kevs":179,"epss":180,"epss_history":183,"metrics":448,"affected":464},"CVE-2021-32052","In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47,48],"GHSA-qm57-vhq3-3fwf","BIT-django-2021-32052","PYSEC-2021-8",[],[51,53,55,57,59,61,63,65,67,69,71],{"_key":52},"UBUNTU-CVE-2021-32052",{"_key":54},"USN-4975-1",{"_key":56},"USN-5373-1",{"_key":58},"OPENSUSE-SU-2023:0005-1",{"_key":60},"OPENSUSE-SU-2024:11205-1",{"_key":62},"OPENSUSE-SU-2024:13887-1",{"_key":64},"OPENSUSE-SU-2024:14208-1",{"_key":66},"OPENSUSE-SU-2026:10005-1",{"_key":68},"MGASA-2021-0356",{"_key":70},"DEBIAN-CVE-2021-32052",{"_key":72},"USN-5373-2",[],[75,76,77,78,79,80],{"_key":68},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},"2021-05-06T15:49:20.000Z","2024-08-03T23:17:28.409Z","Modified",{"cisa_kev":85,"cisa_ransomware":85,"cisa_vendor":9,"epss_severity":86,"epss_score":87,"severity":88,"severity_score":89,"severity_version":90,"severity_source":91,"severity_vector":92,"severity_status":83},false,"low",0.01859,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[94,100,108,114,119,124,129,134,138,142,146,150,155,159,163,167,171,175],{"url":95,"sources":96,"tags":98},"https://groups.google.com/forum/#%21forum/django-announce",[97,91],"cve.org",[99],"X Refsource MISC",{"url":101,"sources":102,"tags":104},"https://docs.djangoproject.com/en/3.2/releases/security/",[97,91,103],"osv_pypi",[99,105,106,107],"Patch","Vendor Advisory","WEB",{"url":109,"sources":110,"tags":111},"http://www.openwall.com/lists/oss-security/2021/05/06/1",[97,91,103],[99,112,105,113,107],"Mailing List","Third Party Advisory",{"url":115,"sources":116,"tags":117},"https://www.djangoproject.com/weblog/2021/may/06/security-releases/",[97,91,103],[99,105,106,118],"ARTICLE",{"url":120,"sources":121,"tags":122},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/",[97,91],[106,123],"X Refsource FEDORA",{"url":125,"sources":126,"tags":127},"https://security.netapp.com/advisory/ntap-20210611-0002/",[97,91],[128,113],"X Refsource CONFIRM",{"url":130,"sources":131,"tags":132},"https://nvd.nist.gov/vuln/detail/CVE-2021-32052",[103],[133],"Advisory",{"url":135,"sources":136,"tags":137},"https://github.com/django/django/commit/e1e81aa1c4427411e3c68facdd761229ffea6f6f",[103],[107],{"url":139,"sources":140,"tags":141},"https://bugzilla.redhat.com/show_bug.cgi?id=1944801",[103],[107],{"url":143,"sources":144,"tags":145},"https://docs.djangoproject.com/en/3.2/releases/security",[103],[107],{"url":147,"sources":148,"tags":149},"https://github.com/advisories/GHSA-qm57-vhq3-3fwf",[103],[133],{"url":151,"sources":152,"tags":153},"https://github.com/django/django",[103],[154],"PACKAGE",{"url":156,"sources":157,"tags":158},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-8.yaml",[103],[107],{"url":160,"sources":161,"tags":162},"https://groups.google.com/forum/#!forum/django-announce",[103],[107],{"url":164,"sources":165,"tags":166},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE",[103],[107],{"url":168,"sources":169,"tags":170},"https://security.netapp.com/advisory/ntap-20210611-0002",[103],[107],{"url":172,"sources":173,"tags":174},"https://www.djangoproject.com/weblog/2021/may/06/security-releases",[103],[107],{"url":176,"sources":177,"tags":178},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/",[103],[107],[],{"date":181,"score":87,"percentile":182},"2026-06-04",0.83402,[184,188,190,193,196,199,202,205,208,211,214,217,220,222,225,229,232,235,238,240,243,245,248,251,254,257,260,263,266,269,272,275,278,281,283,286,289,292,295,298,301,304,307,309,312,316,319,322,325,328,331,335,338,341,345,348,351,354,357,360,363,366,369,372,374,377,380,383,386,388,390,392,395,397,400,403,406,409,412,415,418,421,424,427,430,433,436,439,442,445],{"date":185,"score":186,"percentile":187},"2025-11-04",0.01079,0.77119,{"date":189,"score":186,"percentile":187},"2025-11-05",{"date":191,"score":186,"percentile":192},"2025-11-06",0.77118,{"date":194,"score":186,"percentile":195},"2025-11-07",0.77132,{"date":197,"score":186,"percentile":198},"2025-11-08",0.77136,{"date":200,"score":186,"percentile":201},"2025-11-09",0.77131,{"date":203,"score":186,"percentile":204},"2025-11-10",0.7712,{"date":206,"score":186,"percentile":207},"2025-11-11",0.77121,{"date":209,"score":186,"percentile":210},"2025-11-12",0.77139,{"date":212,"score":186,"percentile":213},"2025-11-13",0.77148,{"date":215,"score":186,"percentile":216},"2025-11-14",0.77155,{"date":218,"score":186,"percentile":219},"2025-11-15",0.7715,{"date":221,"score":186,"percentile":219},"2025-11-16",{"date":223,"score":186,"percentile":224},"2025-11-17",0.77143,{"date":226,"score":227,"percentile":228},"2025-11-18",0.01321,0.78156,{"date":230,"score":227,"percentile":231},"2025-11-19",0.78164,{"date":233,"score":227,"percentile":234},"2025-11-20",0.78172,{"date":236,"score":186,"percentile":237},"2025-11-21",0.77168,{"date":239,"score":186,"percentile":237},"2025-11-22",{"date":241,"score":186,"percentile":242},"2025-11-23",0.77156,{"date":244,"score":186,"percentile":242},"2025-11-24",{"date":246,"score":186,"percentile":247},"2025-11-25",0.77163,{"date":249,"score":186,"percentile":250},"2025-11-26",0.77169,{"date":252,"score":186,"percentile":253},"2025-11-27",0.77171,{"date":255,"score":186,"percentile":256},"2025-11-28",0.77162,{"date":258,"score":186,"percentile":259},"2025-11-29",0.7717,{"date":261,"score":186,"percentile":262},"2025-11-30",0.77167,{"date":264,"score":186,"percentile":265},"2025-12-01",0.77277,{"date":267,"score":186,"percentile":268},"2025-12-02",0.77287,{"date":270,"score":186,"percentile":271},"2025-12-03",0.77275,{"date":273,"score":186,"percentile":274},"2025-12-04",0.77165,{"date":276,"score":186,"percentile":277},"2025-12-05",0.77172,{"date":279,"score":186,"percentile":280},"2025-12-06",0.77176,{"date":282,"score":186,"percentile":277},"2025-12-07",{"date":284,"score":186,"percentile":285},"2025-12-08",0.77177,{"date":287,"score":186,"percentile":288},"2025-12-09",0.772,{"date":290,"score":186,"percentile":291},"2025-12-10",0.77229,{"date":293,"score":186,"percentile":294},"2025-12-11",0.77245,{"date":296,"score":186,"percentile":297},"2025-12-12",0.77266,{"date":299,"score":186,"percentile":300},"2025-12-13",0.7727,{"date":302,"score":186,"percentile":303},"2025-12-14",0.77268,{"date":305,"score":186,"percentile":306},"2025-12-15",0.77264,{"date":308,"score":186,"percentile":271},"2025-12-16",{"date":310,"score":186,"percentile":311},"2025-12-17",0.77285,{"date":313,"score":314,"percentile":315},"2025-12-18",0.01498,0.80678,{"date":317,"score":314,"percentile":318},"2025-12-19",0.80684,{"date":320,"score":314,"percentile":321},"2025-12-20",0.80676,{"date":323,"score":314,"percentile":324},"2025-12-21",0.8067,{"date":326,"score":314,"percentile":327},"2025-12-22",0.80669,{"date":329,"score":314,"percentile":330},"2025-12-23",0.80672,{"date":332,"score":333,"percentile":334},"2025-12-24",0.01909,0.82808,{"date":336,"score":333,"percentile":337},"2025-12-25",0.82824,{"date":339,"score":333,"percentile":340},"2025-12-26",0.82826,{"date":342,"score":343,"percentile":344},"2025-12-27",0.01036,0.76918,{"date":346,"score":333,"percentile":347},"2025-12-28",0.82813,{"date":349,"score":333,"percentile":350},"2025-12-29",0.82807,{"date":352,"score":333,"percentile":353},"2025-12-30",0.82815,{"date":355,"score":333,"percentile":356},"2025-12-31",0.82829,{"date":358,"score":333,"percentile":359},"2026-01-01",0.82901,{"date":361,"score":333,"percentile":362},"2026-01-02",0.82897,{"date":364,"score":333,"percentile":365},"2026-01-03",0.82891,{"date":367,"score":333,"percentile":368},"2026-01-04",0.82811,{"date":370,"score":333,"percentile":371},"2026-01-05",0.82805,{"date":373,"score":333,"percentile":368},"2026-01-06",{"date":375,"score":333,"percentile":376},"2026-01-07",0.82812,{"date":378,"score":333,"percentile":379},"2026-01-08",0.82819,{"date":381,"score":333,"percentile":382},"2026-01-09",0.8282,{"date":384,"score":333,"percentile":385},"2026-01-10",0.82818,{"date":387,"score":333,"percentile":353},"2026-01-11",{"date":389,"score":333,"percentile":347},"2026-01-12",{"date":391,"score":333,"percentile":350},"2026-01-13",{"date":393,"score":333,"percentile":394},"2026-01-14",0.82825,{"date":396,"score":333,"percentile":337},"2026-01-15",{"date":398,"score":333,"percentile":399},"2026-01-16",0.82832,{"date":401,"score":333,"percentile":402},"2026-01-17",0.82834,{"date":404,"score":314,"percentile":405},"2026-01-18",0.80715,{"date":407,"score":314,"percentile":408},"2026-01-19",0.80707,{"date":410,"score":314,"percentile":411},"2026-01-20",0.80709,{"date":413,"score":314,"percentile":414},"2026-01-21",0.80716,{"date":416,"score":314,"percentile":417},"2026-01-22",0.80726,{"date":419,"score":314,"percentile":420},"2026-01-23",0.80751,{"date":422,"score":314,"percentile":423},"2026-01-24",0.8076,{"date":425,"score":314,"percentile":426},"2026-01-25",0.80752,{"date":428,"score":333,"percentile":429},"2026-01-26",0.82862,{"date":431,"score":333,"percentile":432},"2026-01-27",0.82858,{"date":434,"score":333,"percentile":435},"2026-01-28",0.82861,{"date":437,"score":333,"percentile":438},"2026-01-29",0.82863,{"date":440,"score":333,"percentile":441},"2026-01-30",0.82869,{"date":443,"score":333,"percentile":444},"2026-01-31",0.82875,{"date":446,"score":333,"percentile":447},"2026-02-01",0.82951,[449,459],{"source":91,"cvss_v2_0":450,"cvss_v3_0":9,"cvss_v3_1":455,"cvss_v4_0":9},{"baseScore":451,"baseSeverity":9,"vectorString":452,"impactScore":453,"exploitabilityScore":454},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":89,"baseSeverity":456,"vectorString":92,"impactScore":457,"exploitabilityScore":458},"MEDIUM",4.5,7.2,{"source":103,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":460,"cvss_v4_0":461},{"baseScore":89,"baseSeverity":9,"vectorString":92,"impactScore":457,"exploitabilityScore":458},{"baseScore":462,"baseSeverity":9,"vectorString":463,"impactScore":9,"exploitabilityScore":9},5.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",[465,487,494],{"ecosystem":9,"name":466,"vendor":467,"product":468,"cpe_part":469,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":470},"Django","djangoproject","django","a",[471,479,483],{"version":472,"is_range":473,"range_type":474,"version_start":475,"version_start_type":476,"version_end":477,"version_end_type":478,"fixed_in":9},"gte2.2_lt2.2.22",true,"cpe","2.2","including","2.2.22","excluding",{"version":480,"is_range":473,"range_type":474,"version_start":481,"version_start_type":476,"version_end":482,"version_end_type":478,"fixed_in":9},"gte3.1_lt3.1.10","3.1","3.1.10",{"version":484,"is_range":473,"range_type":474,"version_start":485,"version_start_type":476,"version_end":486,"version_end_type":478,"fixed_in":9},"gte3.2_lt3.2.2","3.2","3.2.2",{"ecosystem":9,"name":488,"vendor":489,"product":488,"cpe_part":490,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":491},"fedora","fedoraproject","o",[492],{"version":493,"is_range":85,"range_type":474,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34",{"ecosystem":495,"name":468,"vendor":495,"product":468,"cpe_part":9,"purl_type":496,"purl_namespace":9,"purl_name":468,"source":9,"versions":497},"PyPI","pypi",[498,501,503],{"version":499,"is_range":473,"range_type":500,"version_start":475,"version_start_type":476,"version_end":477,"version_end_type":478,"fixed_in":9},"gte2_2_lt2_2_22","ecosystem",{"version":502,"is_range":473,"range_type":500,"version_start":481,"version_start_type":476,"version_end":482,"version_end_type":478,"fixed_in":9},"gte3_1_lt3_1_10",{"version":504,"is_range":473,"range_type":500,"version_start":485,"version_start_type":476,"version_end":486,"version_end_type":478,"fixed_in":9},"gte3_2_lt3_2_2"]