CVE-2021-45452

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in pypi/Django

Identifiers

CVE-2021-45452

Package Slug

pypi/Django

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Storage.save in Django allows directory traversal if crafted filenames are directly passed to it.

Affected Versions

All versions starting from 2.2 before 2.2.26, all versions starting from 3.2 before 3.2.11, all versions starting from 4.0 before 4.0.1

Solution

Upgrade to versions 2.2.26, 3.2.11, 4.0.1 or above.

Last Modified

2022-01-13

source