Safety vulnerability ID: 40404
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Django 2.2.21, 3.1.9 and 3.2.1 include a fix for CVE-2021-31542: MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
https://www.djangoproject.com/weblog/2021/may/04/security-releases
Latest version: 5.1.4
A high-level Python web framework that encourages rapid development and clean, pragmatic design.
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. See CVE-2021-31542.
MISC:http://www.openwall.com/lists/oss-security/2021/05/04/3: http://www.openwall.com/lists/oss-security/2021/05/04/3
MISC:https://docs.djangoproject.com/en/3.2/releases/security/: https://docs.djangoproject.com/en/3.2/releases/security/
MISC:https://groups.google.com/forum/#!forum/django-announce: https://groups.google.com/forum/#%21forum/django-announce
MISC:https://www.djangoproject.com/weblog/2021/may/04/security-releases/: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application