Home CVE Database CVE-2021-28658

CVE-2021-28658

Description

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

Priority: MEDIUM
CVSS v3: 5.3
Publish Date: Apr 6, 2021
Related ID: --
CVSS v2: MEDIUM
Modified Date: Apr 9, 2021

Find out more about CVE-2021-28658 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Fixed LIN10-8464
10.17.41.24 --
Wind River Linux 8 Legacy -- -- --
Wind River Linux 9 Legacy -- -- --
Wind River Linux 7 Legacy -- -- --
Wind River Linux LTS 21 Fixed -- 10.21.20.1 --
Wind River Linux LTS 18 Fixed LIN1018-7501
10.18.44.23 --
Wind River Linux LTS 19 Fixed LIN1019-6348
10.19.45.17 --
Wind River Linux CD release Fixed -- 10.21.20.0 --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads

Comments

python3-django

Live chat
Online