12 matches found
ariadne-jwt (>=0.1.0 <=0.1.3), balder (=0.1.24) +30 more potentially affected by CVE-2020-24583 via django (>=3.1.0 <=3.1.0rc1)
django PYPI version =3.1.0, =0.1.0, =20.13.1, =0.1.0, =0.10.0, =0.9.0, =0.4.0, =0.12.0, =0.5.0, =0.7.0, =0.8.0, =0.13.2 and more Source cves: CVE-2020-24583 Source advisory: OSV:GHSA-M6GJ-H9GM-GW44...
ambition-edc (>=0.3.68 <=0.3.72), boorunaut (=0.4.3) +46 more potentially affected by CVE-2020-24583 via django (>=2.2.0 <=2.2.15)
django PYPI version =2.2.0, =0.3.68, =5.2.1, =0.1.0, =1.0.1, =0.0.1, =0.0.1, =2.0.0, =0.3.0a0, =0.4.0b1 - django-dicom =0.0.1 - django-gov-notify =0.1.0 - django-htmx-rest =0.0.1b1 - django-ios-storekit =1.0.6 and more Source cves: CVE-2020-24583 Source advisory: OSV:GHSA-M6GJ-H9GM-GW44...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.17-alt1
Dec. 11, 2020 Alexey Shabalin 2.2.17-alt1 - new version 2.2.17 - Fixes for the following security vulnerabilities: + CVE-2020-13254 Potential data leakage via malformed memcached keys + CVE-2020-13596 Possible XSS via admin ForeignKeyRawIdWidget + CVE-2020-24583: Incorrect permissions on...
Fedora: Security Advisory for python-django (FEDORA-2020-9c6b391162)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : python-django (2020-94407454d7)
update to 3.0.10, fixes CVE-2020-24583, CVE-2020-24584 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 31 : python-django (2020-6941c0a65b)
update to 2.2.16, CVE-2020-24583, CVE-2020-24584 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
FreeBSD : Django -- multiple vulnerabilities (002432c8-ef6a-11ea-ba8f-08002728f74c)
Django Release notes : CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ On Python 3.7+, FILEUPLOADDIRECTORYPERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static...
[ASA-202009-4] python-django: multiple issues
Arch Linux Security Advisory ASA-202009-4 ========================================= Severity: Medium Date : 2020-09-03 CVE-ID : CVE-2020-24583 CVE-2020-24584 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1217 Summary ======= The package...
Django 2.2.x < 2.2.16, 3.0.x < 3.0.10, 3.1.x < 3.1.1 Multiple Vulnerabilities - Windows
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
ariadne-jwt (>=0.1.0 <=0.1.3), balder (=0.1.24) +30 more potentially affected by CVE-2020-24583 via django (>=3.1.0 <=3.1.0rc1)
django PYPI version =3.1.0, =0.1.0, =20.13.1, =0.1.0, =0.10.0, =0.9.0, =0.4.0, =0.12.0, =0.5.0, =0.7.0, =0.8.0, =0.13.2 and more Source cves: CVE-2020-24583 Source advisory: OSV:PYSEC-2020-33...
atila-vue (>=0.1.3 <=0.1.3.5), contrail (>=0.3.0 <=1.0.2) +27 more potentially affected by CVE-2020-24583 via django (>=3.0.0 <=3.0.0rc1)
django PYPI version =3.0.0, =0.1.3, =0.3.0, =0.1.1, =0.0.1, =0.0.1, =0.2.1, =0.8.0, =0.7.0, =0.10.0, =0.5.0, =0.6.4 and more Source cves: CVE-2020-24583 Source advisory: OSV:PYSEC-2020-33...
CVE-2020-24583
Django vulnerability CVE-2020-24583 affects 2.2.x before 2.2.16, 3.0.x before 3.0.10, and 3.1.x before 3.1.1 (Python 3.7+). The FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created during file uploads or to intermediate-level collected static directorie...