---

CVE-2021-28658 - log back

CVE-2021-28658 edited at 06 Apr 2021 14:06:38
References	https://www.djangoproject.com/weblog/2021/apr/06/security-releases/#s-cve-2021-28658-potential-directory-traversal-via-uploaded-files - https://github.com/django/django/commit/cca0d98118cccf9ae0c6dcf2d6c57fc50469fbf0 + https://github.com/django/django/commit/2820fd1be5dfccbf1216c3845fad8580502473e1

CVE-2021-28658 edited at 06 Apr 2021 10:00:15
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Directory traversal
Description	+ A security issue was discovered in Django before versions 3.1.8, 3.0.14 and 2.2.20. MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
References	+ https://www.djangoproject.com/weblog/2021/apr/06/security-releases/#s-cve-2021-28658-potential-directory-traversal-via-uploaded-files + https://github.com/django/django/commit/cca0d98118cccf9ae0c6dcf2d6c57fc50469fbf0
Notes

CVE-2021-28658 created at 06 Apr 2021 09:57:18