• 公告ID (KylinSec-SA-2022-1851)

摘要:

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

安全等级: Low

公告ID: KylinSec-SA-2022-1851

发布日期: 2022年8月5日

关联CVE: CVE-2021-28658  

  • 详细介绍

1. 漏洞描述

   

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

2. 影响范围

cve名称 产品 组件 是否受影响
CVE-2021-28658 KY3.4-4A python-django Unaffected
CVE-2021-28658 KY3.4-5 python-django Unaffected
CVE-2021-28658 KY3.5.1 python-django Unaffected

3. 影响组件

    无

4. 修复版本

    无

5. 修复方法

   无

6. 下载链接

    无
上一篇:KylinSec-SA-2022-1850 下一篇:KylinSec-SA-2022-1852