CVE-2024-39330

Published: 09 Jul. 2024
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)

A vulnerability was found in Python-Django in derived classes of the django.core.files.storage.Storage base class that override generate_filename() without replicating the file path validations existing in the parent class. This flaw allows potential directory traversal via certain inputs when calling save(). Built-in Storage sub-classes were not affected by this vulnerability.
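
The pattern described above, as an added example that is not Django's code and not part of the original advisory: a simplified stand-alone model of a storage base class whose generate_filename() validates the path, an override that drops that validation, and an override that keeps it. All class and function names (`BaseStorage`, `TenantStorageUnsafe`, `TenantStorageSafe`, `check_relative_name`, `escapes_root`), the `/srv/media` root and the sample inputs are assumptions made for illustration.

```python
import pathlib
import posixpath


class SuspiciousName(Exception):
    """Hypothetical stand-in for the framework's 'suspicious file operation' error."""


def check_relative_name(name):
    """Simplified model of a parent-class check: relative path, no '..' parts."""
    path = pathlib.PurePosixPath(str(name).replace("\\", "/"))
    if not path.parts or path.is_absolute() or ".." in path.parts:
        raise SuspiciousName(f"rejected file name: {name!r}")
    return str(path)


class BaseStorage:
    """Model base class: generate_filename() validates before save() uses it."""

    def generate_filename(self, filename):
        return check_relative_name(filename)

    def save(self, name):
        # Returns the relative path that would be written under the storage root.
        return self.generate_filename(name)


class TenantStorageUnsafe(BaseStorage):
    """Override that adds a prefix but does not replicate the parent's check."""

    def generate_filename(self, filename):
        return f"tenant-a/{filename}"


class TenantStorageSafe(BaseStorage):
    """Same override, with the final name passed back through the parent's check."""

    def generate_filename(self, filename):
        return super().generate_filename(f"tenant-a/{filename}")


def escapes_root(relative_path, root="/srv/media"):
    """Review/test helper: True if the resolved target lies outside root."""
    target = posixpath.normpath(posixpath.join(root, relative_path))
    return posixpath.commonpath([root, target]) != root
```

When reviewing custom storage backends, the thing to look for is a generate_filename() override whose return value never reaches the parent's validation.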

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Affected | | |
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-25/lightspeed-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 2 | automation-controller | Fix deferred | | |
| Red Hat Certification for Red Hat Enterprise Linux 7 | python-django | Affected | | |
| Red Hat Certification for Red Hat Enterprise Linux 8 | redhat-certification | Affected | | |
| Red Hat Certification for Red Hat Enterprise Linux 9 | redhat-certification | Affected | | |
| Red Hat Discovery | discovery-server-container | Affected | | |
| Red Hat OpenStack Platform 16.1 | python-django20 | Affected | | |
| Red Hat OpenStack Platform 16.2 | python-django20 | Affected | | |
| Red Hat OpenStack Platform 17.1 | python-django | Affected | | |

Additional information

Status: Low
Defect: CWE-22
python-django: Potential directory-traversal in django.core.files.storage.Storage.save()
https://bugzilla.redhat.com/show_bug.cgi?id=2295937

EPSS

Percentile: 15%
0.0005
Low

4.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.3
ubuntu
11 months ago

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)

CVSS3: 4.3
nvd
11 months ago

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)

CVSS3: 4.3
debian
11 months ago

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...

CVSS3: 7.5
github
11 months ago

Django Path Traversal vulnerability

CVSS3: 5.5
fstec
12 months ago

Vulnerability in the generate_filename() function of the django.core.files.storage.Storage class of the Django web application framework, allowing an attacker to write arbitrary files
