Summary:
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
Severity: Low
Advisory ID: KylinSec-SA-2022-1851
Release date: August 5, 2022
Related CVE: CVE-2021-28658
CVE name | Product | Component | Affected |
---|---|---|---|
CVE-2021-28658 | KY3.4-4A | python-django | Unaffected |
CVE-2021-28658 | KY3.4-5 | python-django | Unaffected |
CVE-2021-28658 | KY3.5.1 | python-django | Unaffected |