Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-31542

Опубликовано: 04 мая 2021
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

A flaw was found in Django. MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names. The highest threat from this vulnerability is to data confidentiality.

Отчет

Red Hat Update Infrastructure is in the maintenance phase and we will not be fixing Medium/Low impact security bugs. Reference: https://access.redhat.com/support/policy/updates/rhui

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2djangoAffected
Red Hat Ansible Automation Platform 1.2python-djangoAffected
Red Hat Ansible Tower 3djangoNot affected
Red Hat Ceph Storage 2calamari-serverOut of support scope
Red Hat Ceph Storage 2python-djangoOut of support scope
Red Hat Ceph Storage 3python-djangoOut of support scope
Red Hat OpenStack Platform 10 (Newton)python-djangoOut of support scope
Red Hat OpenStack Platform 13 (Queens)python-djangoWill not fix
Red Hat Satellite 6python-djangoWill not fix
Red Hat Storage 3python-djangoAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-22
https://bugzilla.redhat.com/show_bug.cgi?id=1954294django: Potential directory-traversal via uploaded files

EPSS

Процентиль: 88%
0.04357
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-31542

CVSS3: 7.5
ubuntu
около 4 лет назад

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

nvd логотип

CVE-2021-31542

CVSS3: 7.5
nvd
около 4 лет назад

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

debian логотип

CVE-2021-31542

CVSS3: 7.5
debian
около 4 лет назад

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...

github логотип

GHSA-rxjp-mfm9-w4wr

CVSS3: 7.5
github
около 4 лет назад

Path Traversal in Django

fstec логотип

BDU:2021-05215

CVSS3: 7.5
fstec
около 4 лет назад

Уязвимость компонентов MultiPartParser, UploadedFile, FieldFile программной платформы для веб-приложений Django, связанная с отсутствием ограничений на загрузку файлов, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 88%
0.04357
Низкий

7.5 High

CVSS3