A security issue was discovered in Django before versions 3.1.8, 3.0.14 and 2.2.20. MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/#s-cve-2021-28658-potential-directory-traversal-via-uploaded-files
https://github.com/django/django/commit/cca0d98118cccf9ae0c6dcf2d6c57fc50469fbf0
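
Because the advisory covers file names reaching upload handlers other than the built-in ones, a custom handler should reduce the client-supplied name to a bare base name and confirm the destination stays inside the upload directory. The following is an added example, not Django's code or the fix from the linked commit; `sanitize_upload_name`, `resolve_upload_path` and `UnsafeUploadName` are hypothetical names, and the sample file names are constructed.

```python
from pathlib import Path


class UnsafeUploadName(ValueError):
    """Raised when a client-supplied file name cannot be used safely."""


def sanitize_upload_name(raw_name: str) -> str:
    """Reduce a client-supplied file name to a bare base name."""
    # Treat "\" and "/" both as separators, whatever the server OS is,
    # and keep only the last path component.
    name = raw_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Drop NUL and other non-printable characters, then surrounding spaces.
    name = "".join(ch for ch in name if ch.isprintable()).strip()
    if name in {"", ".", ".."}:
        raise UnsafeUploadName(f"rejected file name: {raw_name!r}")
    return name


def resolve_upload_path(upload_dir: str, raw_name: str) -> Path:
    """Return the destination path, guaranteed to sit inside upload_dir."""
    base = Path(upload_dir).resolve()
    target = (base / sanitize_upload_name(raw_name)).resolve()
    # resolve() follows symlinks, so a link planted in upload_dir that
    # points elsewhere is caught here as well.
    if base not in target.parents:
        raise UnsafeUploadName(f"{raw_name!r} escapes {base}")
    return target


if __name__ == "__main__":
    import tempfile

    # Constructed sample names, including traversal-style ones.
    samples = ["report.pdf", "../../etc/passwd", "..\\..\\x.ini", "dir/..", ""]
    with tempfile.TemporaryDirectory() as d:
        for sample in samples:
            try:
                print(repr(sample), "->", resolve_upload_path(d, sample))
            except UnsafeUploadName as exc:
                print(repr(sample), "-> rejected:", exc)
```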