CVE-2020-24583

Incorrect Default Permissions in pypi/Django

Identifiers

CVE-2020-24583

Package Slug

pypi/Django

Vulnerability

Incorrect Default Permissions

Description

An issue was discovered in Django (when Python + is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

Affected Versions

All versions starting from 2.2 before 2.2.16, all versions starting from 3.0 before 3.0.10, all versions starting from 3.1 before 3.1.1

Solution

Upgrade to versions 2.2.16, 3.0.10, 3.1.1 or above.

Last Modified

2020-09-12

source