CVE-2021-31542 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=2.2 <2.2.21 || >=3.0 <3.1.9 || >=3.2 <3.2.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.05439 (percentile: 0.89799)
Details
Path Traversal in Django
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Metadata
Created: 2021-06-04T21:15:56Z
Modified: 2024-09-20T15:30:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-rxjp-mfm9-w4wr/GHSA-rxjp-mfm9-w4wr.json
CWE IDs: ["CWE-22", "CWE-434"]
Alternative ID: GHSA-rxjp-mfm9-w4wr
Finding: F063
Auto approve: 1