8 matches found

Redos
added 2025/11/06 12:0 a.m. | 3 views

ROS-20251106-04

The vulnerability in the django.utils.archive.extract function of the Django web application software platform is related to errors in the relative directory path handling mechanism. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions. Vulnerability in...

CVSS 9.8 | AI score 6.7 | EPSS 0.0085
Exploits: 0

OSV
added 2025/10/31 8:58 a.m. | 4 views

OPENSUSE-SU-2025:20022-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate, alias, aggregate, and extra on MySQL and MariaDB boo1250485 - CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract boo1250487...

CVSS 9.8 | AI score 5.9 | EPSS 0.0085
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/22 1:21 p.m. | 3 views

django: Potential partial directory-traversal via archive.extract()

A flaw was found in Django. The django.utils.archive.extract function, used by startapp --template and startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory...

CVSS 6.5 | AI score 7.1 | EPSS 0.0085
Exploits: 0 | References: 4

Snyk
added 2025/10/01 9:31 p.m. | 2 views

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal via the django.utils.archive.extract function used by startapp --template and startproject --template. An attacker can modify files outside the intended extraction directory by crafting an archive with file paths...

CVSS 8.8 | AI score 6.5 | EPSS 0.0085
Exploits: 0 | References: 2

CNNVD
added 2025/10/01 12:0 a.m. | 4 views

Django Security Vulnerability

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 4.2 up to and including version 4.2.25,...

CVSS 6.5 | AI score 7.1 | EPSS 0.0085
Exploits: 0 | References: 4

Hacker One
added 2025/09/05 1:21 p.m. | 10 views

Django: Path traversal via archive.extract - CVE 2021-3281 incomplete patch

A vulnerability was discovered in the "extract" function of the ZipArchive and TarArchive classes in the Django framework. The vulnerability was caused by the use of the "abspath" function, which removes terminating path separators. This made the guard logic protection insufficient to protect...

CVSS 5.3 | AI score 8.2 | EPSS 0.07605
Exploits: 1

OSV
added 2025/08/11 1:53 p.m. | 2 views

BIT-LIBPHP-2021-21706 ZipArchive::extractTo may extract outside of destination dir

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

CVSS 6.5 | AI score 7.1 | EPSS 0.01337
Exploits: 0 | References: 3

OSV
added 2024/06/15 12:0 a.m. | 3 views

OPENSUSE-SU-2024:10523-1 perl-Archive-Extract-0.78-1.1 on GA media

These are all security issues fixed in the perl-Archive-Extract-0.78-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.8 | AI score 8 | EPSS 0.00779
Exploits: 0 | References: 1