Directory Traversal Vulnerability in Django Framework by Django Software Foundation
CVE-2021-31542

7.5HIGH

Key Information:

Vendor

Djangoproject

Status
Django
Vendor
CVE Published:
5 May 2021

What is CVE-2021-31542?

A vulnerability in the Django web framework allows attackers to exploit the MultiPartParser, UploadedFile, and FieldFile components, enabling directory traversal through specially crafted file names. This exploitation may lead to unintended local file exposure on the server, posing a significant risk to sensitive data. It is crucial for developers using affected Django versions to apply security updates promptly to fortify their applications against this threat.

References

https://groups.google.com/forum/#%21forum/django-announce
x_refsource_MISC
https://docs.djangoproject.com/en/3.2/releases/security/
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/05/04/3
x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.