Lucene search
K

29 matches found

RedHat Linux
RedHat Linux
added 2021/12/09 8:20 p.m.5 views

django: Potential directory-traversal via archive.extract()

A flaw was found in django where thedjango.utils.archive.extract function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS7.1AI score0.07605EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/09/15 1:41 p.m.6 views

django: Potential directory-traversal via archive.extract()

A flaw was found in django where thedjango.utils.archive.extract function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS7.1AI score0.07605EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/03/18 8:29 p.m.82 views

Django Directory Traversal via archive.extract

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS5.9AI score0.07605EPSS
Exploits1References13Affected Software1
OSV
OSV
added 2021/03/18 8:29 p.m.12 views

GHSA-FVGF-6H6H-3322 Django Directory Traversal via archive.extract

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

6.9CVSS7.1AI score0.07605EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2021/03/09 4:10 p.m.8 views

django: Potential directory-traversal via archive.extract()

A flaw was found in django where thedjango.utils.archive.extract function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS7.1AI score0.07605EPSS
Exploits1References4
PyPA
PyPA
added 2021/02/02 7:15 a.m.11 views

PYSEC-2021-9

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS7AI score0.07605EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/02/02 7:15 a.m.9 views

PYSEC-2021-9

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS6.8AI score0.07605EPSS
Exploits1References6
OSV
OSV
added 2021/02/01 10:0 a.m.4 views

UBUNTU-CVE-2021-3281

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...

5.3CVSS6.8AI score0.07605EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2021/02/01 12:0 a.m.8 views

PT-2021-3618 · Django +3 · Django +3

Name of the Vulnerable Software and Affected Versions: Django versions 2.2 before 2.2.18 Django versions 3.0 before 3.0.12 Django versions 3.1 before 3.1.6 Description: The issue is related to the django.utils.archive.extract method, which is used by "startapp --template" and "startproject...

9.8CVSS6.5AI score0.83042EPSS
Exploits6References100
Rows per page
Query Builder