Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-24583

Опубликовано: 01 сент. 2020
Источник: debian

Описание

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-djangofixed2:2.2.16-1package
python-djangonot-affectedstretchpackage

Примечания

  • https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9 (master)

  • https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1)

  • https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e (3.0.10)

  • https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f (2.2.16)

Связанные уязвимости

ubuntu логотип

CVE-2020-24583

CVSS3: 7.5
ubuntu
почти 5 лет назад

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

redhat логотип

CVE-2020-24583

CVSS3: 7.5
redhat
почти 5 лет назад

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

nvd логотип

CVE-2020-24583

CVSS3: 7.5
nvd
почти 5 лет назад

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

github логотип

GHSA-m6gj-h9gm-gw44

CVSS3: 7.5
github
больше 4 лет назад

Django Incorrect Default Permissions

fstec логотип

BDU:2021-00936

CVSS3: 7.5
fstec
почти 5 лет назад

Уязвимость реализации режима FILE_UPLOAD_DIRECTORY_PERMISSIONS программной платформы для веб-приложений Django, позволяющая нарушителю раскрыть защищаемую информацию