CVE-2021-3281 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Directory traversal
Description	In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1518	python-django	3.1.5-1	3.1.6-1	Low	Fixed

Date	Advisory	Group	Package	Severity	Type
07 Feb 2021	ASA-202102-18	AVG-1518	python-django	Low	directory traversal

References
https://www.djangoproject.com/weblog/2021/feb/01/security-releases/ https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624