CVE-2021-31542

Published: 4 May 2021

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: python-django

Release    Status
bionic     Released (1:1.11.11-1ubuntu1.13)
focal      Released (2:2.2.12-1ubuntu0.6)
groovy     Released (2:2.2.16-1ubuntu0.4)
hirsute    Released (2:2.2.20-1ubuntu0.1)
impish     Released (2:2.2.20-1ubuntu0.1)
jammy      Released (2:2.2.20-1ubuntu0.1)
precise    Does not exist
trusty     Released (1.6.11-0ubuntu1.3+esm3)
upstream   Needs triage
xenial     Released (1.8.7-1ubuntu5.15+esm1)