SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2021-31542

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 7.5		CVSS Score : 5.0
Exploit Score: 3.9		Exploit Score: 10.0
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: NONE
Confidentiality: HIGH		Availability: NONE
Integrity: NONE
Availability: NONE

Reference:

FEDORA-2021-01044b8a59

FEDORA-2022-e7fd530688

https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html

http://www.openwall.com/lists/oss-security/2021/05/04/3

https://docs.djangoproject.com/en/3.2/releases/security/

https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d

https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48

https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007

https://groups.google.com/forum/#%21forum/django-announce

https://security.netapp.com/advisory/ntap-20210618-0001/

https://www.djangoproject.com/weblog/2021/may/04/security-releases/


30479



423868



250770



909



196157



282