Описание
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | doesn't use python3.7 |
| devel | released | 2:2.2.16-1 |
| esm-infra-legacy/trusty | not-affected | doesn't use python3.7 |
| esm-infra/bionic | not-affected | doesn't use python3.7 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.2 |
| esm-infra/xenial | not-affected | doesn't use python3.7 |
| focal | released | 2:2.2.12-1ubuntu0.2 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | doesn't use python3.7 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...
Уязвимость реализации режима FILE_UPLOAD_DIRECTORY_PERMISSIONS программной платформы для веб-приложений Django, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5 Medium
CVSS2
7.5 High
CVSS3