Wind River Support Network

HomeDefectsLIN1019-6009
Fixed

LIN1019-6009 : Security Advisory - python3-django - CVE-2021-3281

Created: Feb 1, 2021    Updated: Dec 17, 2021
Resolved Date: Mar 2, 2021
Found In Version: 10.19.45.1
Fix Version: 10.19.45.16
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by startapp --template and startproject --template) allows directory traversal via an archive with absolute paths or relative paths with dot segments.

https://nvd.nist.gov/vuln/detail/CVE-2021-3281

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube