Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-33203

Опубликовано: 08 июн. 2021
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4
CVSS3: 4.9

Описание

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

РелизСтатусПримечание
bionic

released

1:1.11.11-1ubuntu1.14
devel

released

2:2.2.24-1
esm-infra-legacy/trusty

not-affected

esm-infra/bionic

not-affected

1:1.11.11-1ubuntu1.14
esm-infra/focal

not-affected

2:2.2.12-1ubuntu0.7
esm-infra/xenial

released

1.8.7-1ubuntu5.15+esm3
focal

released

2:2.2.12-1ubuntu0.7
groovy

released

2:2.2.16-1ubuntu0.5
hirsute

released

2:2.2.20-1ubuntu0.2
impish

released

2:2.2.24-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 53%
0.00301
Низкий

4 Medium

CVSS2

4.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-33203

CVSS3: 4.9
redhat
около 4 лет назад

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

nvd логотип

CVE-2021-33203

CVSS3: 4.9
nvd
около 4 лет назад

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.

debian логотип

CVE-2021-33203

CVSS3: 4.9
debian
около 4 лет назад

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...

github логотип

GHSA-68w8-qjq3-2gfm

CVSS3: 4.9
github
около 4 лет назад

Path Traversal in Django

fstec логотип

BDU:2021-05245

CVSS3: 4.9
fstec
около 4 лет назад

Уязвимость функции TemplateDetailView компонента django/contrib/admindocs программной платформы для веб-приложений Django, связанная с недостатками ограничения имени пути к каталогу, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 53%
0.00301
Низкий

4 Medium

CVSS2

4.9 Medium

CVSS3