CVE-2021-44420: 
Django vulnerability analysis and mitigation

CVE-2021-44420 affects Django versions 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10. The vulnerability was discovered and disclosed on December 7, 2021, where HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths (Django Security, NVD).

The vulnerability has a CVSS v3.1 Base Score of 7.3 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. The issue occurs when processing HTTP requests containing URLs with trailing newlines, which could allow bypassing access control mechanisms that are based on URL path validation (NetApp Advisory).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The vulnerability has been classified as having low severity according to Django's security policy (Django Security, NetApp Advisory).

The issue has been fixed in Django versions 2.2.25, 3.1.14, and 3.2.10. Users are encouraged to upgrade to these patched versions as soon as possible. Patches have been applied to Django's main branch and the 4.0, 3.2, 3.1, and 2.2 release branches (Django Security).