CVE-2021-33203

Severity Low
Remote Yes
Type Directory traversal
Description
A security issue has been found in Django before version 3.2.4. Staff members could use the admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2026 | python-django | 3.2.3-2 | 3.2.4-1 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 15 Jun 2021 | ASA-202106-41 | AVG-2026 | python-django | Medium | multiple issues |

References
https://www.djangoproject.com/weblog/2021/jun/02/security-releases/#s-cve-2021-33203-potential-directory-traversal-via-admindocs
https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9