16 matches found
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-django20) (RHSA-2021:3490)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3490 advisory. Security Fixes: Potential directory-traversal via archive.extract CVE-2021-3281 Potential directory traversal via admindocs CVE-2021-33203...
RHEL 8 : Red Hat OpenStack Platform 16.1 (python-django20) (RHSA-2021:5070)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5070 advisory. Security Fixes: Potential directory-traversal via archive.extract CVE-2021-3281 potential directory-traversal via uploaded files...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-django20) security update
An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Exploit for Path Traversal in Djangoproject Django
CVE-2021-3281 There is a Directory Traversal vulnerability in...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.19-alt1
2.2.19-alt1 built April 12, 2021 Alexey Shabalin in task 266900 Feb. 24, 2021 Alexey Shabalin - 2.2.19 - rename package to python3-module-django back - Fixes for the following security vulnerabilities: + CVE-2021-3281 Potential directory-traversal via archive.extract + CVE-2021-23336 Web cache...
aether-sdk (>=1.3.4 <=1.3.8), apis-bibsonomy (>=0.2.0 <=0.3.0) +225 more potentially affected by CVE-2021-3281 via django (>=3.1.0 <=3.1.5)
django PYPI version =3.1.0, =1.3.4, =0.2.0, =0.16.12, =0.8.8, =0.5.0, =0.1.0, =1.0.0b3, =0.0.1, =2.11.0, =0.0.32, =0.0.38, =0.0.39 and more Source cves: CVE-2021-3281 Source advisory: OSV:GHSA-FVGF-6H6H-3322...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 1.2.2 security and bug fix update
An update is now available for Red Hat Ansible Automation Platform 1.2.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Security fix for the ALT Linux 10 package python3-module-django version 2.2.19-alt1
Feb. 24, 2021 Alexey Shabalin 2.2.19-alt1 - 2.2.19 - rename package to python3-module-django back - Fixes for the following security vulnerabilities: + CVE-2021-3281 Potential directory-traversal via archive.extract + CVE-2021-23336 Web cache poisoning via django.utils.http.limitedparseqsl...
Fedora 33 : python-django (2021-5329c680f7)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-5329c680f7 advisory. - In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by startapp --template and...
Fedora: Security Advisory for python-django (FEDORA-2021-5329c680f7)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[ASA-202102-18] python-django: directory traversal
Arch Linux Security Advisory ASA-202102-18 ========================================== Severity: Low Date : 2021-02-07 CVE-ID : CVE-2021-3281 Package : python-django Type : directory traversal Remote : No Link : https://security.archlinux.org/AVG-1518 Summary ======= The package python-django befo...
atila-vue (>=0.1.3 <=0.1.3.5), contrail (>=0.3.0 <=1.0.2) +28 more potentially affected by CVE-2021-3281 via django (>=3.0.0 <=3.0.11)
django PYPI version =3.0.0, =0.1.3, =0.3.0, =0.1.1, =0.0.1, =0.0.1, =0.2.1, =0.8.0, =0.7.0, =0.10.0, =0.5.0, =0.6.4 and more Source cves: CVE-2021-3281 Source advisory: OSV:PYSEC-2021-9...
CVE-2021-3281
CVE-2021-3281 affects Django: the django.utils.archive.extract function (used by startapp --template and startproject --template) allows directory traversal via archives containing absolute paths or dot-segment relative paths. Affected releases include Django 2.2 before 2.2.18, 3.0 before 3.0.12,...
CVE-2021-3281
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...
Debian: Security Advisory (DLA-2540-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2540-1] python-django security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2540-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 01, 2021 https://wiki.debian.org/LTS -...