Log

ASA-202102-4 created at 01 Feb 2021 15:28:10
ASA-202102-3 edited at 01 Feb 2021 15:27:56
Impact
- A remote attacker might be able to access sensitive information or execute arbitrary code. In addition, an attacker in position of man-in-the-middle might be able to inject SMTP commands into a secure communication channel with the server.
+ A remote attacker might be able to access sensitive information or execute arbitrary code. In addition, an attacker in position of man-in-the-middle might be able to inject an IMAP response into a secure communication channel with the server.
ASA-202102-3 edited at 01 Feb 2021 15:26:30
Impact
+ A remote attacker might be able to access sensitive information or execute arbitrary code. In addition, an attacker in position of man-in-the-middle might be able to inject SMTP commands into a secure communication channel with the server.
ASA-202102-3 created at 01 Feb 2021 15:25:04
ASA-202102-2 edited at 01 Feb 2021 15:24:57
Impact
+ A remote attacker might be able to trick the user into performing unwanted actions, bypass security measures, access sensitive information or execute arbitrary code.
ASA-202102-2 created at 01 Feb 2021 15:23:57
ASA-202102-1 edited at 01 Feb 2021 15:23:27
Impact
+ A remote attacker might be able to perform click-jacking attacks, access sensitive information or execute arbitrary code.
ASA-202102-1 created at 01 Feb 2021 14:18:27
AVG-1518 edited at 01 Feb 2021 11:38:04
Severity
- Unknown
+ Medium
CVE-2021-3281 edited at 01 Feb 2021 11:38:04
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Directory traversal
Description
+ The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments.
References
+ https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
+ https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624
Notes
AVG-1518 created at 01 Feb 2021 11:35:43
Packages
+ python-django
Issues
+ CVE-2021-3281
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 3.1.5-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-3281 created at 01 Feb 2021 11:35:43