Description

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

Remediation

References

CVE-2021-31542

Related Vulnerabilities

Nginx buffer underflow vulnerability

Joomla Improper Input Validation Vulnerability (CVE-2013-5576)

WordPress Plugin WordPress Popular Posts Multiple Vulnerabilities (5.3.2)

Magento CVE-2019-8144 Vulnerability (CVE-2019-8144)

WordPress Plugin Font Uploader 'font-upload.php' Arbitrary File Upload (1.2.4)

Severity

High

Classification

CVE-2021-31542 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities