Tengma

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.4.7 through 2.4.51 **Description** The issue is related to a Server Side Request Forgery (SSRF) attack, which can be conducted by sending a specially crafted HTTP request. This can cause a crash due to a NULL pointer dereference or allow requests to be directed to a declared Unix Domain Socket endpoint for configurations that mix forward and reverse proxy declarations. The exploitation of this issue can allow a remote attacker to conduct an SSRF attack. **Recommendations** For Apache HTTP Server versions 2.4.7 through 2.4.51, update to version 2.4.53 to resolve the issue. As a temporary workaround, consider disabling the forward proxy configuration (ProxyRequests off) until a patch is available. Restrict access to declared Unix Domain Socket endpoints to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.25 Django versions 3.1 before 3.1.14 Django versions 3.2 before 3.2.10 Description: HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low severity, according to the Django security policy. Recommendations: For Django versions 2.2 before 2.2.25, update to version 2.2.25 or later. For Django versions 3.1 before 3.1.14, update to version 3.1.14 or later. For Django versions 3.2 before 3.2.10, update to version 3.2.10 or later.