CVE-2021-28658 log

Source
Severity Low
Remote Yes
Type Directory traversal
Description
A security issue was discovered in Django before versions 3.1.8, 3.0.14 and 2.2.20. MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
Group Package Affected Fixed Severity Status Ticket
AVG-1776 python-django 3.1.7-1 3.2-1 Low Fixed
References
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/#s-cve-2021-28658-potential-directory-traversal-via-uploaded-files
https://github.com/django/django/commit/2820fd1be5dfccbf1216c3845fad8580502473e1