Описание
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:1.11.11-1ubuntu1.15 |
| devel | released | 2:3.2.11-1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | not-affected | 1:1.11.11-1ubuntu1.15 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.9 |
| esm-infra/xenial | needed | |
| focal | released | 2:2.2.12-1ubuntu0.9 |
| hirsute | released | 2:2.2.20-1ubuntu0.4 |
| impish | released | 2:2.2.24-1ubuntu1.2 |
| jammy | released | 2:3.2.11-1 |
Показывать по
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...
Уязвимость функция Storage.save() фреймворка для веб-приложений Django, позволяющая нарушителю получить доступ к конфиденциальной информации
EPSS
5 Medium
CVSS2
5.3 Medium
CVSS3