logo

Database

Lack of data validation - Path Traversal In django-s3file

Description

django-s3file is vulnerable to relative path traversal

Impact

S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES

Depending on how files are handled, this may lead to confidentiality and integrity issues.

Patches

Django-S3File urges all users to update to a patched version >=7.0.2.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-421962. NVD-2026-421963. OSV-2026-421964. GHSA-67qg-7284-22775. GCVE-2026-42196

References

1. https://github.com/codingjoe/django-s3file/security/advisories/GHSA-67qg-7284-2277

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.