In Django 2.2 prior to 2.2.21, 3.1 prior to 3.1.9, and 3.2 prior to 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django |
||
debian debian linux 9.0 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |