Arbitrary File Upload

🗓️ 12 Dec 2024 13:57:39Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 7 Views

Django Filer allows arbitrary file uploads due to improper input validation, risking stored XSS attacks.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2024-11404	20 Nov 202412:15	–	attackerkb
Circl	CVE-2024-11404	20 Nov 202413:44	–	circl
CNNVD	Django Filer 代码问题漏洞	20 Nov 202400:00	–	cnnvd
CVE	CVE-2024-11404	20 Nov 202411:55	–	cve
Cvelist	CVE-2024-11404 File Upload Bypass in django Filer	20 Nov 202411:55	–	cvelist
EUVD	EUVD-2024-3360	3 Oct 202520:07	–	euvd
Github Security Blog	Django Filer Unrestricted Upload of File with Dangerous Type	20 Nov 202412:30	–	github
NVD	CVE-2024-11404	20 Nov 202412:15	–	nvd
OSV	GHSA-J4V3-WWWX-5GQV Django Filer Unrestricted Upload of File with Dangerous Type	20 Nov 202412:30	–	osv
Positive Technologies	PT-2024-16962	20 Nov 202400:00	–	ptsecurity

Vulners

Node

django_filer django_filerRange3.0.0rc1–3.2.3python

django_filer django_filerMatch0.1.3apython

django_filer django_filerMatch0.7.0python

django_filer django_filerMatch0.7.1python

django_filer django_filerMatch0.7.2python

django_filer django_filerMatch0.8.1python

django_filer django_filerMatch0.8.2python

django_filer django_filerMatch0.8.3python

django_filer django_filerMatch0.8.4python

django_filer django_filerMatch0.8.5python

django_filer django_filerMatch0.8.6python

django_filer django_filerMatch0.8.7python

django_filer django_filerMatch0.9python

django_filer django_filerMatch0.9.1python

django_filer django_filerMatch0.9.10python

django_filer django_filerMatch0.9.11python

django_filer django_filerMatch0.9.12python

django_filer django_filerMatch0.9.2python

django_filer django_filerMatch0.9.3python

django_filer django_filerMatch0.9.4python

django_filer django_filerMatch0.9.5python

django_filer django_filerMatch0.9.6python

django_filer django_filerMatch0.9.7python

django_filer django_filerMatch0.9.8python

django_filer django_filerMatch0.9.9python

django_filer django_filerMatch1.0.0python

django_filer django_filerMatch1.0.1python

django_filer django_filerMatch1.0.2python

django_filer django_filerMatch1.0.3python

django_filer django_filerMatch1.0.4python

django_filer django_filerMatch1.0.5python

django_filer django_filerMatch1.0.6python

django_filer django_filerMatch1.1.0python

django_filer django_filerMatch1.1.1python

django_filer django_filerMatch1.2.0python

django_filer django_filerMatch1.2.1python

django_filer django_filerMatch1.2.2python

django_filer django_filerMatch1.2.3python

django_filer django_filerMatch1.2.4python

django_filer django_filerMatch1.2.5python

django_filer django_filerMatch1.2.6python

django_filer django_filerMatch1.2.6rc1python

django_filer django_filerMatch1.2.6rc2python

django_filer django_filerMatch1.2.7python

django_filer django_filerMatch1.2.8python

django_filer django_filerMatch1.3.0python

django_filer django_filerMatch1.3.1python

django_filer django_filerMatch1.3.2python

django_filer django_filerMatch1.4.0python

django_filer django_filerMatch1.4.1python

django_filer django_filerMatch1.4.2python

django_filer django_filerMatch1.4.3python

django_filer django_filerMatch1.4.4python

django_filer django_filerMatch1.5.0python

django_filer django_filerMatch1.6.0python

django_filer django_filerMatch1.7.0python

django_filer django_filerMatch1.7.1python

django_filer django_filerMatch2.0.0python

django_filer django_filerMatch2.0.1python

django_filer django_filerMatch2.0.2python

django_filer django_filerMatch2.1python

django_filer django_filerMatch2.1.1python

django_filer django_filerMatch2.1.2python

django_filer django_filerMatch2.1rc1python

django_filer django_filerMatch2.1rc2python

django_filer django_filerMatch2.1rc3python

django_filer django_filerMatch2.1rc4python

django_filer django_filerMatch2.2python

django_filer django_filerMatch2.2.1python

django_filer django_filerMatch2.2.2python

django_filer django_filerMatch2.2.3python

django_filer django_filerMatch2.2.4python

django_filer django_filerMatch2.2.5python

django_filer django_filerMatch2.2.6python

django_filer django_filerMatch2.2.7python

django_filer django_filerMatch2.2.8python

django_filer django_filerMatch2.3rc1python

django_filer django_filerMatch3.0.0python

django_filer django_filerMatch3.0.0rc1python

django_filer django_filerMatch3.0.0rc2python

django_filer django_filerMatch3.0.0rc3python

django_filer django_filerMatch3.0.1python

django_filer django_filerMatch3.0.2python

django_filer django_filerMatch3.0.3python

django_filer django_filerMatch3.0.4python

django_filer django_filerMatch3.0.5python

django_filer django_filerMatch3.0.6python

django_filer django_filerMatch3.1.0python

django_filer django_filerMatch3.1.1python

django_filer django_filerMatch3.1.2python

django_filer django_filerMatch3.1.3python

django_filer django_filerMatch3.1.4python

django_filer django_filerMatch3.2.0python

django_filer django_filerMatch3.2.1python

django_filer django_filerMatch3.2.2python

Source	Link
github	www.github.com/django-cms/django-filer/commit/f8209a6507680661bd134cd30878993b79ef3344
usom	www.usom.gov.tr/bildirim/tr-24-1864
django-cms	www.django-cms.org/en/blog/2024/11/19/security-updates-for-django-filer-and-django-cms-attributes-field
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-11404
iltosec	www.iltosec.com/blog/post/cve-2024-11404-medium-severity-file-upload-vulnerabilities-in-django-filer-323
iltosec	www.iltosec.com/blog/post/djangocms-attributes-field-300-stored-xss-vulnerability
pypi	www.pypi.org/project/django-filer
github	www.github.com/django-cms/django-filer

13 Dec 2025 07:38Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.5

EPSS0.00055

SSVC