Lucene search
Veracode Vulnerability DatabaseVERACODE:29918HistoryApr 07, 2021 - 2:13 a.m.
Directory Traversal
2021-04-0702:13:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
django
directory traversal
vulnerability
multipartparser
file upload
EPSS
0.008
Percentile
81.1%
Django is vulnerable to directory traversal. An attacker is able upload files with malicious file names via MultiPartParser as it does not sanitize the file_name parameter. Built-in upload handlers were not affected by this vulnerability.
References
docs.djangoproject.com/en/3.1/releases/security/
groups.google.com/g/django-announce/c/ePr5j-ngdPU
lists.debian.org/debian-lts-announce/2021/04/msg00008.html
lists.fedoraproject.org/archives/list/[email protected]/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/
security.netapp.com/advisory/ntap-20210528-0001/
www.djangoproject.com/weblog/2021/apr/06/security-releases
www.djangoproject.com/weblog/2021/apr/06/security-releases/
Related
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Django vulnerability (USN-4902-1)
2021-04-06 00:00:00
Debian DLA-2622-1 : python-django security update
2021-04-12 00:00:00
Debian dla-3744 : python-django - security update
2024-02-29 00:00:00
osv
osv
CVE-2021-28658
2021-04-06 15:15:13
PYSEC-2021-6
2021-04-06 15:15:00
Directory Traversal in Django
2021-04-08 18:11:48
ubuntu
ubuntu
Django vulnerability
2021-04-06 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4902-1)
2021-04-07 00:00:00
Django 2.2 < 2.2.20, 3.0 < 3.0.14, 3.1 < 3.1.8 Directory Traversal Vulnerability - Linux
2021-04-07 00:00:00
Debian: Security Advisory (DLA-2622-1)
2021-04-10 00:00:00
debian
debian
[SECURITY] [DLA 2622-1] python-django security update
2021-04-09 11:47:48
[SECURITY] [DLA 3744-1] python-django security update
2024-02-29 19:11:46
ubuntucve
ubuntucve
CVE-2021-28658
2021-04-06 00:00:00
redhatcve
redhatcve
CVE-2021-28658
2021-04-06 13:51:55
alpinelinux
alpinelinux
CVE-2021-28658
2021-04-06 15:15:13
cve
cve
CVE-2021-28658
2021-04-06 15:15:13
nvd
nvd
CVE-2021-28658
2021-04-06 15:15:13
debiancve
debiancve
CVE-2021-28658
2021-04-06 15:15:13
prion
prion
Directory traversal
2021-04-06 15:15:00
cvelist
cvelist
CVE-2021-28658
2021-04-06 14:51:43
github
github
Directory Traversal in Django
2021-04-08 18:11:48
fedora
fedora
[SECURITY] Fedora 34 Update: python-django-3.1.9-1.fc34
2021-05-12 05:45:05
altlinux
altlinux
redhat
redhat
(RHSA-2021:5070) Moderate: Red Hat OpenStack Platform 16.1 (python-django20) security update
2021-12-09 19:50:28
(RHSA-2021:4702) Moderate: Satellite 6.10 Release
2021-11-16 13:58:57
mageia
mageia
Updated python-django package fixes security vulnerabilities
2021-07-16 11:25:31
oraclelinux
oraclelinux
ol-automation-manager security update
2022-04-27 00:00:00