CVE-2021-31542

Published: May 5, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://groups.google.com/forum/#%21forum/django-announce

https://docs.djangoproject.com/en/3.2/releases/security/

http://www.openwall.com/lists/oss-security/2021/05/04/3

https://www.djangoproject.com/weblog/2021/may/04/security-releases/

[debian-lts-announce] 20210506 [SECURITY] [DLA 2651-1] python-django security update

mailing-list

FEDORA-2021-01044b8a59

vendor-advisory

https://security.netapp.com/advisory/ntap-20210618-0001/

FEDORA-2022-e7fd530688

vendor-advisory

https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d

https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48

https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-31542

Description

Affected Products

References