Description
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
Remediation
References
Related Vulnerabilities
Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-29445)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.36)
Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2018-1303)
GeoServer CVE-2024-34696 Vulnerability (CVE-2024-34696)
Oracle Database Server CVE-2010-2407 Vulnerability (CVE-2010-2407)