Описание
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3:4.2.14-1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | released | 1:1.11.11-1ubuntu1.21+esm5 |
| esm-infra/focal | not-affected | 2:2.2.12-1ubuntu0.23 |
| esm-infra/xenial | needs-triage | |
| focal | released | 2:2.2.12-1ubuntu0.23 |
| jammy | released | 2:3.2.12-2ubuntu1.12 |
| mantic | released | 3:4.2.4-1ubuntu2.3 |
| noble | released | 3:4.2.11-1ubuntu1.1 |
| oracular | not-affected | 3:4.2.14-1 |
Показывать по
4.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2. ...
Уязвимость функции generate_filename() класса django.core.files.storage.Storage программной платформы для веб-приложений Django, позволяющая нарушителю записывать произвольные файлы
4.3 Medium
CVSS3