Wind River Support Network

HomeDefectsLIN10-8211
Fixed

LIN10-8211 : Security Advisory - python3-django - CVE-2021-3281

Created: Feb 1, 2021    Updated: Dec 17, 2021
Resolved Date: Apr 1, 2021
Found In Version: 10.17.41.1
Fix Version: 10.17.41.24
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by startapp --template and startproject --template) allows directory traversal via an archive with absolute paths or relative paths with dot segments.

https://nvd.nist.gov/vuln/detail/CVE-2021-3281

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube