8 matches found
ROS-20251106-04
Vulnerability of django.utils.archive.extract function of Django web application software platform is related to errors in the relative directory path handling mechanism. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions. Vulnerability in...
OPENSUSE-SU-2025:20022-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB boo1250485 - CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract boo1250487...
django: Potential partial directory-traversal via archive.extract()
A flaw was found in Django. The django.utils.archive.extract function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the django.utils.archive.extract function used by startapp --template and startproject --template. An attacker can modify files outside the intended extraction directory by crafting an archive with file paths...
Django 安全漏洞
Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 4.2 up to and including version 4.2.25,...
Django: Path traversal via archive.extract - CVE 2021-3281 incomplete patch
A vulnerability was discovered in the "extract" function of the ZipArchive and TarArchive classes in the Django framework. The vulnerability was caused by the use of the "abspath" function, which removes terminating path separators. This made the guard logic protection insufficient to protect...
BIT-LIBPHP-2021-21706 ZipArchive::extractTo may extract outside of destination dir
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
OPENSUSE-SU-2024:10523-1 perl-Archive-Extract-0.78-1.1 on GA media
These are all security issues fixed in the perl-Archive-Extract-0.78-1.1 package on the GA media of openSUSE Tumbleweed...