CVE-2020-24584

Incorrect Default Permissions in pypi/Django

Identifiers

CVE-2020-24584

Package Slug

pypi/Django

Vulnerability

Incorrect Default Permissions

Description

An issue was discovered in Django (when Python + is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.

Affected Versions

All versions starting from 2.2 before 2.2.16, all versions starting from 3.0 before 3.0.10, all versions starting from 3.1 before 3.1.1

Solution

Upgrade to versions 2.2.16, 3.0.10, 3.1.1 or above.

Last Modified

2020-09-11

source