CVE-2021-33203 - log

CVE-2021-33203 edited at 02 Jun 2021 14:19:18
Type
- Information disclosure
+ Directory traversal
CVE-2021-33203 edited at 02 Jun 2021 10:41:00
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue has been found in Django before version 3.2.4. Staff members could use the admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed.
References
+ https://www.djangoproject.com/weblog/2021/jun/02/security-releases/#s-cve-2021-33203-potential-directory-traversal-via-admindocs
+ https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9
Notes
CVE-2021-33203 created at 02 Jun 2021 10:39:09