CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

CVE-2026-42196

django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random...

9.9CVSS5.5AI score0.00029EPSS

Exploits0References1

NVD•added 2026/05/12 10:16 p.m.•2 views

CVE-2026-42196

9.9CVSS0.00029EPSS

Exploits0References1

Cvelist•added 2026/05/12 8:58 p.m.•25 views

CVE-2026-42196 django-s3file: Relative path traversal

9.9CVSS0.00029EPSS

Exploits0References1

CVE•added 2026/05/12 8:58 p.m.•6 views

CVE-2026-42196

CVE-2026-42196 affects django-s3file prior to version 7.0.2. The vulnerability resides in the S3FileMiddleware, which can be induced by a modified request to perform relative path traversal, causing the Django application to load files from arbitrary locations into request.FILES. This can lead to...

9.9CVSS5.8AI score0.00029EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 8:58 p.m.•7 views

CVE-2026-42196 django-s3file: Relative path traversal

9.9CVSS5.8AI score0.00029EPSS

Exploits0References1

OSV•added 2026/05/05 8:5 p.m.•5 views

GHSA-67QG-7284-2277 django-s3file is vulnerable to relative path traversal

Impact S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES Depending on how files are handled, this may lead to...

9.9CVSS5.8AI score0.00029EPSS

Exploits0References3

Github Security Blog•added 2026/05/05 8:5 p.m.•6 views

django-s3file is vulnerable to relative path traversal

9.9CVSS5.8AI score0.00029EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/28 12:0 a.m.•3 views

PT-2026-35817

Name of the Vulnerable Software and Affected Versions django-s3file versions prior to 7.0.2 Description S3FileMiddleware is susceptible to relative path traversal, allowing an attacker to use a modified request to escape pre-signed upload locations. This enables the Django application to load fil...

9.9CVSS5.9AI score0.00029EPSS

Exploits0References5

RedhatCVE•added 2025/02/05 9:36 p.m.•4 views

CVE-2022-24840

django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the AWSLOCATION setting was set, traversal was limited to that location only. The issue was...

9.8CVSS6.7AI score0.00558EPSS

Exploits1References1

NVD•added 2022/06/09 4:15 a.m.•9 views

CVE-2022-24840

9.8CVSS0.00558EPSS

Exploits1References2

OSV•added 2022/06/09 4:15 a.m.•20 views

PYSEC-2022-208

9.8CVSS2.1AI score0.00558EPSS

Exploits1References2

PyPA•added 2022/06/09 4:15 a.m.•5 views

PYSEC-2022-208

9.8CVSS6.9AI score0.00558EPSS

Exploits1References2Affected Software1

CVE•added 2022/06/06 7:10 p.m.•94 views

CVE-2022-24840

CVE-2022-24840 concerns django-s3file, a Django/Amazon S3 file-upload helper. The vulnerability (in versions prior to 5.5.1) allows path traversal of the S3 bucket via the s3file middleware, enabling access or deletion of files in many cases. Root cause: insufficient input validation in the middl...

9.8CVSS9.4AI score0.00558EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2022/06/06 7:10 p.m.•6 views

CVE-2022-24840 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in django-s3file

9.1CVSS9.6AI score0.00558EPSS

Exploits1References2

OSV•added 2022/06/06 7:10 p.m.•15 views

CVE-2022-24840 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in django-s3file

9.1CVSS9.2AI score0.00558EPSS

Exploits1References4

Rows per page