py3-django: Multiple vulnerabilities (CVE-2020-24583, CVE-2020-24584)ID: oval:org.secpod.oval:def:1801957 | Date: (C)2021-08-02 (M)2023-11-10 |
Class: PATCH | Family: unix |
On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static directories when using the collectstatic management command. On Python 3.7+, the intermediate-level directories of the file system cache had the system"s standard umask rather than 0o077 .
Platform: |
Alpine Linux 3.10 |
Alpine Linux 3.11 |
Alpine Linux 3.12 |
Alpine Linux 3.9 |
Product: |
py3-django |
py-django |