CVE-2021-28658 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Directory traversal
Description	A security issue was discovered in Django before versions 3.1.8, 3.0.14 and 2.2.20. MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1776	python-django	3.1.7-1	3.2-1	Low	Fixed

References
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/#s-cve-2021-28658-potential-directory-traversal-via-uploaded-files https://github.com/django/django/commit/2820fd1be5dfccbf1216c3845fad8580502473e1

References

https://www.djangoproject.com/weblog/2021/apr/06/security-releases/#s-cve-2021-28658-potential-directory-traversal-via-uploaded-files
https://github.com/django/django/commit/2820fd1be5dfccbf1216c3845fad8580502473e1