django: Potential partial directory-traversal via archive.extract()

A flaw was found in Django. The django.utils.archive.extract function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory...

GHSA-Q95W-C7QG-HRFF Django vulnerable to partial directory traversal via archives

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

Django vulnerable to partial directory traversal via archives

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

PT-2025-40291

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.24 Django versions 5.1 through 5.1.12 Django versions 5.2 through 5.2.6 Description The django.utils.archive.extract function allows for potential directory traversal when handling archives with file paths that...

CVE-2025-59682

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...

SUSE CVE-2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...

Oracle JavaServer Faces contains multiple vulnerabilities

Overview Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information. Description Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information.Alex Kouzemtchenko and Jon Passki o...

rsync excluded content access restrictions bypass via symlinks

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...

CVE-2007-6200

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, excludefrom, and filter and read or write hidden files via 1 symlink, 2 partial-dir, 3 backup-dir, and unspecified 4 dest options...