Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure or unintended method calls, if passed a suitably crafted key.

References: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
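The risk described above, as an added example that is not Django's code or part of the original report: a simplified model of a sort-key getter that calls whatever it resolves, next to a restricted getter that only does item and attribute lookups. The names `template_style_resolve`, `restricted_resolve`, `Account` and this `dictsort` are hypothetical, and the sample objects are constructed.

```python
# Simplified model (an assumption, not Django's source) of two ways a
# dictsort-style filter can turn a caller-supplied key into a sort-key getter.
SEP = "."
LOOKUP_ERRORS = (TypeError, KeyError, IndexError, AttributeError, ValueError)

def template_style_resolve(value, key):
    """Permissive getter: item lookup, then attribute lookup, and any
    callable found along the way is called with no arguments."""
    for part in key.split(SEP):
        try:
            value = value[part]
        except LOOKUP_ERRORS:
            value = getattr(value, part)
        if callable(value):
            value = value()  # the unintended method call
    return value

def restricted_resolve(value, key):
    """Restricted getter: rejects underscore-prefixed or empty parts and
    never calls what it finds."""
    parts = key.split(SEP)
    if any(not p or p.startswith("_") for p in parts):
        raise AttributeError("access to private names is forbidden")
    for part in parts:
        try:
            value = value[part]
        except LOOKUP_ERRORS:
            value = getattr(value, part)
    return value

class Account:  # constructed sample object
    def __init__(self, name):
        self.name = name
        self._api_token = "constructed-secret"
        self.closed = False

    def close(self):  # method with a side effect
        self.closed = True
        return 0

def dictsort(rows, key, resolver):
    """Sort rows by resolver(row, key); return [] when the key cannot be
    resolved or the resolved values cannot be ordered."""
    try:
        return sorted(rows, key=lambda row: resolver(row, key))
    except (AttributeError, TypeError, KeyError):
        return []
```

With the restricted getter, a key naming a method yields bound methods that cannot be ordered, so the sort fails closed instead of running the method.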
Created django:1.6/python-django tracking bugs for this issue:
Affects: fedora-all [bug 2037170]

Created python-django tracking bugs for this issue:
Affects: epel-all [bug 2037171]
Affects: fedora-all [bug 2037174]
Affects: openstack-rdo [bug 2037172]
Upstream commit: https://github.com/django/django/commit/2a8ec7f546d6d5806e221ec948c5146b55bd7489
This issue has been addressed in the following products:
Red Hat Satellite 6.11 for RHEL 7
Red Hat Satellite 6.11 for RHEL 8
Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-45116