VYPR
High severityNVD Advisory· Published Aug 4, 2009· Updated Jun 16, 2026

CVE-2009-2659

CVE-2009-2659

Description

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 0.96.0, < 0.96.40.96.4
DjangoPyPI
>= 1.0, < 1.0.31.0.3

Affected products

3
  • cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:django_project:django:0.96:*:*:*:*:*:*:*
    • cpe:2.3:a:django_project:django:1.0:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 0.96.0, < 0.96.4

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.