More information about this CVE will likely be available in a few days
Description
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
Related CPE's
Could not find any relations
References
Weaknesses
Could not find any weaknesses
CVSS impact metrics
Could not find any metrics
Information
Source identifier
Vulnerability status
Awaiting analysis
Published
2024-07-10T05:15:12.167
6 months agoLast modified
2024-07-11T13:05:54.930
6 months ago