Описание
Django Incorrect Default Permissions
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-24584
- https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71
- https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b
- https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f
- https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.openwall.com/lists/oss-security/2020/09/01/2
- https://www.djangoproject.com/weblog/2020/sep/01/security-releases
- https://usn.ubuntu.com/4479-1
- https://security.netapp.com/advisory/ntap-20200918-0004
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU
- https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU
- https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM
- https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-34.yaml
- https://github.com/advisories/GHSA-fr28-569j-53c4
- https://docs.djangoproject.com/en/dev/releases/security
Пакеты
Django
>= 2.2, < 2.2.16
2.2.16
Django
>= 3.0, < 3.0.10
3.0.10
Django
>= 3.1, < 3.1.1
3.1.1
Связанные уязвимости
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...
Уязвимость программной платформы для веб-приложений Django, связанная с связана с неправильными настройками прав доступа по умолчанию, позволяющая нарушителю раскрыть защищаемую информацию