Description

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

Remediation

References

CVE-2021-31542

Related Vulnerabilities

Drupal Core 8.7.x Cross-Site Scripting (8.7.0 - 8.7.11)

Sqlite Other Vulnerability (CVE-2019-20218)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-0244)

Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2024-26267)

MySQL CVE-2017-3529 Vulnerability (CVE-2017-3529)

Severity

High

Classification

CVE-2021-31542 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities