Description

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.

Remediation

References

CVE-2021-45452

Related Vulnerabilities

PHP Other Vulnerability (CVE-2003-0860)

WordPress Plugin Social Auto Poster-WordPress Scheduler & Marketing Arbitrary File Upload (5.3.14)

PHP Other Vulnerability (CVE-2002-0121)

WordPress 4.2.x Possible SQL Injection Vulnerability (4.2 - 4.2.16)

WordPress Plugin N-Media Website Contact Form with File Upload Local File Inclusion (1.5)

Severity

Medium

Classification

CVE-2021-45452 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities