Description
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Remediation
References
Related Vulnerabilities
Craft CMS CVE-2017-8383 Vulnerability (CVE-2017-8383)
TwistedHTTP Request Splitting Vulnerability (CVE-2020-10108)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1579)
EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2019-14351)