Description
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
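A defensive check for the class of bug described above, shown as an added example; it is not Django's code or its patch. The names `clean_upload_name`, `storage_path` and `SuspiciousFileName` are hypothetical, and the file names used to exercise it are constructed.

```python
import ntpath
import posixpath
from pathlib import Path


class SuspiciousFileName(ValueError):
    """Raised when a client-supplied upload name cannot be stored safely."""


def clean_upload_name(raw_name: str) -> str:
    """Reduce a client-supplied file name to a single safe path component."""
    if "\x00" in raw_name:
        raise SuspiciousFileName(f"NUL byte in upload name: {raw_name!r}")
    # Take the basename under both POSIX and Windows rules so that neither
    # "/" nor "\\" (nor a drive prefix such as "C:") carries a directory part.
    name = ntpath.basename(posixpath.basename(raw_name)).strip()
    # A name that collapses to nothing, or to a directory reference, is unusable.
    if name in {"", ".", ".."}:
        raise SuspiciousFileName(f"unusable upload name: {raw_name!r}")
    return name


def storage_path(upload_root: str, raw_name: str) -> Path:
    """Return the destination under upload_root, refusing any escape from it."""
    root = Path(upload_root).resolve()
    target = (root / clean_upload_name(raw_name)).resolve()
    # Defence in depth: after resolving symlinks, the target must still sit
    # inside the upload root.
    if root not in target.parents:
        raise SuspiciousFileName(f"path escapes upload root: {raw_name!r}")
    return target


if __name__ == "__main__":
    # Constructed sample names, as a multipart filename parameter might carry them.
    for sample in ["report.pdf", "../../etc/passwd", "..\\..\\web.config", ".."]:
        try:
            print(f"{sample!r:24} -> {storage_path('uploads', sample)}")
        except SuspiciousFileName as exc:
            print(f"{sample!r:24} -> rejected ({exc})")
```
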
Remediation
References