CVE-2021-31542
Published: 4 May 2021
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
python-django (Launchpad, Ubuntu, Debian) | bionic | Released (1:1.11.11-1ubuntu1.13) |
python-django | focal | Released (2:2.2.12-1ubuntu0.6) |
python-django | groovy | Released (2:2.2.16-1ubuntu0.4) |
python-django | hirsute | Released (2:2.2.20-1ubuntu0.1) |
python-django | impish | Released (2:2.2.20-1ubuntu0.1) |
python-django | jammy | Released (2:2.2.20-1ubuntu0.1) |
python-django | precise | Does not exist |
python-django | trusty | Released (1.6.11-0ubuntu1.3+esm3) |
python-django | upstream | Needs triage |
python-django | xenial | Released (1.8.7-1ubuntu5.15+esm1) |