27 matches found
[SECURITY] [DLA 3744-1] python-django security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3744-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 29, 2024 https://wiki.debian.org/LTS -...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-django20) (RHSA-2021:3490)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3490 advisory. Security Fixes: Potential directory-traversal via archive.extract CVE-2021-3281 Potential directory traversal via admindocs CVE-2021-33203...
Ubuntu: Security Advisory (USN-4975-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0356)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : Red Hat OpenStack Platform 16.1 (python-django20) (RHSA-2021:5070)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5070 advisory. Security Fixes: Potential directory-traversal via archive.extract CVE-2021-3281 potential directory-traversal via uploaded files...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-django20) security update
An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Updated python-django package fixes security vulnerabilities
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability CVE-2021-28658. In Django 2.2 before 2.2.21, 3.1 before 3.1.9, an...
Security fix for the ALT Linux 10 package python3-module-django version 2.2.24-alt1
July 13, 2021 Alexey Shabalin 2.2.24-alt1 - new version 2.2.24 - Fixes for the following security vulnerabilities: + CVE-2021-28658 Potential directory-traversal via uploaded files + CVE-2021-31542 Potential directory-traversal via uploaded files + CVE-2021-32052 Header injection possibility sinc...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.24-alt1
July 13, 2021 Alexey Shabalin 2.2.24-alt1 - new version 2.2.24 - Fixes for the following security vulnerabilities: + CVE-2021-28658 Potential directory-traversal via uploaded files + CVE-2021-31542 Potential directory-traversal via uploaded files + CVE-2021-32052 Header injection possibility sinc...
[ASA-202106-41] python-django: multiple issues
Arch Linux Security Advisory ASA-202106-41 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-33203 CVE-2021-33571 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2026 Summary ======= The package...
alcali (>=2018.3.4 <=3000.1.0), archivebox (>=0.4.6 <=0.4.21) +216 more potentially affected by CVE-2021-33203 via django (>=3.0.0 <=3.1.11)
django PYPI version =3.0.0, =2018.3.4, =0.4.6, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.0.32, =0.0.33 and more Source cves: CVE-2021-33203 Source advisory: OSV:GHSA-68W8-QJQ3-2GFM...
acclaim-badges (=0.1.0), adarnauth-esi (>=1.4.0 <=1.4.2) +719 more potentially affected by CVE-2021-33203 via django (>=1.10.0 <=2.2.22)
django PYPI version =1.10.0, =1.4.0, =0.2.0.dev20181221, =0.0.0.post0.dev128, =1.0.2, =1.1.1, =1.0.13, =3.0.4, =1.1.1, =1.0.7, =1.0.8 and more Source cves: CVE-2021-33203 Source advisory: OSV:GHSA-68W8-QJQ3-2GFM...
aa-structuretimers (=1.2.2), admin-tool-button (>=1.0.1a0 <=1.0.5a0) +1094 more potentially affected by CVE-2021-33203 via django (>=3.2.0 <=3.2.3)
django PYPI version =3.2.0, =1.0.1a0, =1.4.2, =5.10.1, =2022.9.19, =2.0.0, =0.0.1, =1.0.0, =1.0.6, =3.2.17.0, =1.0.0a4.dev0, =2023.1.0.dev0 and more Source cves: CVE-2021-33203 Source advisory: OSV:GHSA-68W8-QJQ3-2GFM...
Django < 2.2.24, 3.0 < 3.1.12, 3.2 < 3.2.4 Multiple Vulnerabilities - Linux
Django is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Django < 2.2.24, 3.0 < 3.1.12, 3.2 < 3.2.4 Multiple Vulnerabilities - Windows
Django is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-33203
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...
aa-structuretimers (=1.2.2), admin-tool-button (>=1.0.1a0 <=1.0.5a0) +1094 more potentially affected by CVE-2021-33203 via django (>=3.2.0 <=3.2.3)
django PYPI version =3.2.0, =1.0.1a0, =1.4.2, =5.10.1, =2022.9.19, =2.0.0, =0.0.1, =1.0.0, =1.0.6, =3.2.17.0, =1.0.0a4.dev0, =2023.1.0.dev0 and more Source cves: CVE-2021-33203 Source advisory: OSV:PYSEC-2021-98...
alcali (>=2018.3.4 <=3000.1.0), archivebox (>=0.4.6 <=0.4.21) +216 more potentially affected by CVE-2021-33203 via django (>=3.0.0 <=3.1.11)
django PYPI version =3.0.0, =2018.3.4, =0.4.6, =1.0.0, =0.1.0, =0.1.0, =0.1.3, =0.1.3, =0.18.0, =0.3.0, =2.8.0, =0.0.1, =0.0.32, =0.0.33 and more Source cves: CVE-2021-33203 Source advisory: OSV:PYSEC-2021-98...
acclaim-badges (=0.1.0), adarnauth-esi (>=1.4.0 <=1.4.2) +719 more potentially affected by CVE-2021-33203 via django (>=1.10.0 <=2.2.22)
django PYPI version =1.10.0, =1.4.0, =0.2.0.dev20181221, =0.0.0.post0.dev128, =1.0.2, =1.1.1, =1.0.13, =3.0.4, =1.1.1, =1.0.7, =1.0.8 and more Source cves: CVE-2021-33203 Source advisory: OSV:PYSEC-2021-98...
CVE-2021-33203
CVE-2021-33203 affects Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4. A directory traversal flaw via django.contrib.admindocs allows staff using the admindocs TemplateDetailView to check the existence of arbitrary files, and, if default admindocs templates were customized to dis...