Storage.save in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
djangoproject django |
||
fedoraproject fedora 35 |