CVE-2021-28658

Path Traversal in pypi/Django

Identifier

CVE-2021-28658

Package Slug

pypi/Django

Vulnerability

Path Traversal

Description

In Django, the MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

Affected Versions

All versions starting from 2.2 before 2.2.20, all versions starting from 3.0 before 3.0.14, all versions starting from 3.1 before 3.1.8

Solution

Upgrade to versions 2.2.20, 3.0.14, 3.1.8 or above.
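
To check whether a project pins a release inside the affected ranges listed above, the following added example (not part of the advisory or of Django's code) audits requirements-style lines. It assumes exact `Django==X.Y.Z` pins with purely numeric versions; the function names and the sample lines are constructed for illustration.

```python
import re

# Affected ranges from this advisory: (first affected, first fixed) per series.
AFFECTED_RANGES = [
    ((2, 2), (2, 2, 20)),
    ((3, 0), (3, 0, 14)),
    ((3, 1), (3, 1, 8)),
]

# Exact pins only; pre-releases, ranges and markers are skipped (assumption).
_PIN = re.compile(r"^\s*django\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*$", re.IGNORECASE)


def parse_version(text):
    """Turn '3.1.7' into (3, 1, 7)."""
    return tuple(int(part) for part in text.strip().split("."))


def _pad(version, width=3):
    """Pad short versions with zeros so that '3.0' compares as (3, 0, 0)."""
    return tuple(version) + (0,) * (width - len(version))


def is_affected(version_text):
    """True if the version falls in one of the advisory's affected ranges."""
    v = _pad(parse_version(version_text))
    return any(_pad(start) <= v < _pad(fixed) for start, fixed in AFFECTED_RANGES)


def audit_requirements(lines):
    """Return [(line_no, version)] for Django pins inside an affected range."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = _PIN.match(line.split("#", 1)[0])  # drop trailing comments
        if match and is_affected(match.group(1)):
            findings.append((line_no, match.group(1)))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = ["Django==3.1.7  # old pin", "django == 2.2.20", "requests==2.25.1", "Django==3.0"]

if __name__ == "__main__":
    for line_no, version in audit_requirements(SAMPLE):
        print(f"line {line_no}: Django {version} is affected by CVE-2021-28658")
```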

Last Modified

2021-04-21
