GoogleOSV:GHSA-FVGF-6H6H-3322Django Directory Traversal via archive.extract
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
50.3%
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by “startapp --template” and “startproject --template”) allows directory traversal via an archive with absolute paths or relative paths with dot segments.
References
docs.djangoproject.com/en/3.1/releases/3.0.12
docs.djangoproject.com/en/3.1/releases/security
github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624
github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23
github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37
github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a
groups.google.com/forum/#!forum/django-announce
lists.fedoraproject.org/archives/list/[email protected]/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO
nvd.nist.gov/vuln/detail/CVE-2021-3281
security.netapp.com/advisory/ntap-20210226-0004
www.djangoproject.com/weblog/2021/feb/01/security-releases
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
50.3%