FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Django -- multiple vulnerabilities

Affected packages
py36-django22 < 2.2.21
py37-django22 < 2.2.21
py38-django22 < 2.2.21
py39-django22 < 2.2.21
py36-django31 < 3.1.9
py37-django31 < 3.1.9
py38-django31 < 3.1.9
py39-django31 < 3.1.9
py36-django32 < 3.2.1
py37-django32 < 3.2.1
py38-django32 < 3.2.1
py39-django32 < 3.2.1

Details

VuXML ID 1766359c-ad6e-11eb-b2a4-080027e50e6d
Discovery 2021-04-22
Entry 2021-05-05

Django Release reports:

CVE-2021-31542: Potential directory-traversal via uploaded files.

MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.

References

CVE Name CVE-2021-31542
URL https://www.djangoproject.com/weblog/2021/may/04/security-releases/