PyPi: Django-Filer

CVE-2024-11404

Safety vulnerability ID: 74227

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 20, 2024 Updated at Dec 08, 2024

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of django-filer are vulnerable to Unrestricted Upload of File with Dangerous Type (CWE-434). This vulnerability allows attackers to upload malicious binary files, potentially leading to data breaches or system compromise. The attack vector involves uploading crafted files through the application's upload functionality. The vulnerability exists due to permissive file validators that accept binary uploads without proper checks. To mitigate, upgrade to django-filer version which restricts binary and unknown file uploads by default and requires explicit validation and virus scanning for such files.

Affected package

django-filer

Latest version: 3.3.1

A file management application for django that makes handling of files and images a breeze.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 5.5

CVSS v3 Details

MEDIUM 5.5

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): LOW
Availability Availability (A): LOW