ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡΡ ΡΡΠ½ΠΊΡΠΈΠΈ generate_filename() ΠΊΠ»Π°ΡΡΠ° django.core.files.storage.Storage ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠ½ΠΎΠΉ ΠΏΠ»Π°ΡΡΠΎΡΠΌΡ Π΄Π»Ρ Π²Π΅Π±-ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠΉ Django ΡΠ²ΡΠ·Π°Π½Π° Ρ Π½Π΅Π²Π΅ΡΠ½ΡΠΌ ΠΎΠ³ΡΠ°Π½ΠΈΡΠ΅Π½ΠΈΠ΅ΠΌ ΠΈΠΌΠ΅Π½ΠΈ ΠΏΡΡΠΈ ΠΊ ΠΊΠ°ΡΠ°Π»ΠΎΠ³Ρ Ρ ΠΎΠ³ΡΠ°Π½ΠΈΡΠ΅Π½Π½ΡΠΌ Π΄ΠΎΡΡΡΠΏΠΎΠΌ. ΠΠΊΡΠΏΠ»ΡΠ°ΡΠ°ΡΠΈΡ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ ΠΌΠΎΠΆΠ΅Ρ ΠΏΠΎΠ·Π²ΠΎΠ»ΠΈΡΡ Π½Π°ΡΡΡΠΈΡΠ΅Π»Ρ, Π΄Π΅ΠΉΡΡΠ²ΡΡΡΠ΅ΠΌΡ ΡΠ΄Π°Π»ΡΠ½Π½ΠΎ, Π·Π°ΠΏΠΈΡΡΠ²Π°ΡΡ ΠΏΡΠΎΠΈΠ·Π²ΠΎΠ»ΡΠ½ΡΠ΅ ΡΠ°ΠΉΠ»Ρ
ΠΠ΅Π½Π΄ΠΎΡ
ΠΠ°ΠΈΠΌΠ΅Π½ΠΎΠ²Π°Π½ΠΈΠ΅ ΠΠ
ΠΠ΅ΡΡΠΈΡ ΠΠ
Π’ΠΈΠΏ ΠΠ
ΠΠΏΠ΅ΡΠ°ΡΠΈΠΎΠ½Π½ΡΠ΅ ΡΠΈΡΡΠ΅ΠΌΡ ΠΈ Π°ΠΏΠΏΠ°ΡΠ°ΡΠ½ΡΠ΅ ΠΏΠ»Π°ΡΡΠΎΡΠΌΡ
Π£ΡΠΎΠ²Π΅Π½Ρ ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
ΠΠΎΠ·ΠΌΠΎΠΆΠ½ΡΠ΅ ΠΌΠ΅ΡΡ ΠΏΠΎ ΡΡΡΡΠ°Π½Π΅Π½ΠΈΡ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
Π‘ΡΠ°ΡΡΡ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
ΠΠ°Π»ΠΈΡΠΈΠ΅ ΡΠΊΡΠΏΠ»ΠΎΠΉΡΠ°
ΠΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ ΠΎΠ± ΡΡΡΡΠ°Π½Π΅Π½ΠΈΠΈ
Π‘ΡΡΠ»ΠΊΠΈ Π½Π° ΠΈΡΡΠΎΡΠ½ΠΈΠΊΠΈ
ΠΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡΡ Π΄ΡΡΠ³ΠΈΡ ΡΠΈΡΡΠ΅ΠΌ ΠΎΠΏΠΈΡΠ°Π½ΠΈΠΉ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠ΅ΠΉ
- CVE
EPSS
5.5 Medium
CVSS3
5.2 Medium
CVSS2
Π‘Π²ΡΠ·Π°Π½Π½ΡΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...
EPSS
5.5 Medium
CVSS3
5.2 Medium
CVSS2