Moderate severityNVD Advisory· Published Apr 6, 2021· Updated Aug 3, 2024

CVE-2021-28658

Description

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Django MultiPartParser in versions before 2.2.20, 3.0.14, and 3.1.8 allows directory traversal via crafted uploaded file names, enabling arbitrary file writes.

Vulnerability

Django versions 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8 contain a directory traversal vulnerability in the MultiPartParser component. When processing file uploads, the parser does not properly sanitize file names, allowing an attacker to include path traversal sequences (e.g., ../) in the filename. This affects all uses of the multipart parser, which is the default for handling HTTP file uploads. Built-in upload handlers are not affected [1][4].

Exploitation

An attacker must have the ability to submit a multipart form with a file upload to a Django application. No authentication is required if the endpoint accepts unauthenticated uploads. The attacker crafts a filename such as ../../etc/passwd or similar path traversal sequence and includes it as the file's Content-Disposition filename parameter. The MultiPartParser then writes the uploaded content to the location derived from the traversed path, under the server's configured upload directory [1].

Impact

Successful exploitation allows an attacker to write arbitrary files to the file system, limited only by the permissions of the Django process (typically the web server user). This can lead to overwriting application code, configuration files, or static files, potentially resulting in remote code execution, information disclosure, or denial of service [1].

Mitigation

The vulnerability is fixed in Django 2.2.20, 3.0.14, and 3.1.8, released on April 6, 2021 [4]. All users should upgrade to these versions or later. No workarounds are available. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog as of the publication date.

References

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
DjangoPyPI	>= 2.2a1, < 2.2.20	2.2.20
DjangoPyPI	>= 3.0a1, < 3.0.14	3.0.14
DjangoPyPI	>= 3.1a1, < 3.1.8	3.1.8

Affected products

164

Django/Djangodescription
osv-coords163 versions
pkg:bitnami/django pkg:pypi/django pkg:rpm/suse/ardana-cobbler&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/ardana-cobbler&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/ardana-swift&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/cassandra&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/cassandra&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/cassandra&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/cassandra&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/cassandra&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/documentation-hpe-helion-openstack-installation&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-operations&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-opsconsole&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-planning&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-security&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-hpe-helion-openstack-user&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/documentation-suse-openstack-cloud-deployment&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-installation&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-operations&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-opsconsole&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-planning&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-security&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/documentation-suse-openstack-cloud-user&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/grafana&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/kibana&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/monasca-installer&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-heat-templates&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-monasca-installer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-nova&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-nova-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-elementpath&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-elementpath&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-elementpath&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-elementpath&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-elementpath&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-eventlet&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-eventlet&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-eventlet&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-py&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-pysaml2&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/python-xmlschema&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-xmlschema&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-xmlschema&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/python-xmlschema&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-xmlschema&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/rubygem-activerecord-session_store&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/rubygem-activerecord-session_store&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/rubygem-activerecord-session_store&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208
>= 2.2.0, < 2.2.20+ 162 more
- (no CPE)range: >= 2.2.0, < 2.2.20
- (no CPE)range: >= 2.2a1, < 2.2.20
- (no CPE)range: < 8.0+git.1614096566.e8c2b27-3.44.3
- (no CPE)range: < 8.0+git.1614096566.e8c2b27-3.44.3
- (no CPE)range: < 9.0+git.1615223676.777f0b3-3.25.2
- (no CPE)range: < 9.0+git.1618235096.90974ed-3.10.2
- (no CPE)range: < 3.11.10-5.3.5
- (no CPE)range: < 3.11.10-5.3.5
- (no CPE)range: < 3.11.10-3.3.3
- (no CPE)range: < 3.11.10-5.3.5
- (no CPE)range: < 3.11.10-3.3.3
- (no CPE)range: < 5.0+git.1622489449.a8e60e238-3.50.4
- (no CPE)range: < 4.0+git.1616146720.44daffca0-9.81.2
- (no CPE)range: < 5.0+git.1616001417.67fd9c2a1-4.52.5
- (no CPE)range: < 6.0+git.1616146717.a89ae0f4e-3.34.4
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 8.20210512-1.32.5
- (no CPE)range: < 6.7.4-4.18.2
- (no CPE)range: < 6.7.4-1.24.2
- (no CPE)range: < 6.7.4-4.18.2
- (no CPE)range: < 6.7.4-3.23.2
- (no CPE)range: < 6.7.4-4.18.2
- (no CPE)range: < 6.7.4-3.23.2
- (no CPE)range: < 4.6.6-3.9.2
- (no CPE)range: < 4.6.6-9.2
- (no CPE)range: < 4.6.6-3.9.2
- (no CPE)range: < 4.6.6-4.9.2
- (no CPE)range: < 4.6.6-3.9.2
- (no CPE)range: < 4.6.6-4.9.2
- (no CPE)range: < 20180608_12.47-16.2
- (no CPE)range: < 14.1.1~dev11-3.24.6
- (no CPE)range: < 14.1.1~dev11-3.24.6
- (no CPE)range: < 0.0.0+git.1623056900.7917e18-3.21.3
- (no CPE)range: < 0.0.0+git.1623056900.7917e18-3.21.3
- (no CPE)range: < 0.0.0+git.1623056900.7917e18-3.21.3
- (no CPE)range: < 11.1.5~dev17-3.25.5
- (no CPE)range: < 11.1.5~dev17-3.25.5
- (no CPE)range: < 20190923_16.32-3.18.2
- (no CPE)range: < 20190923_16.32-3.18.2
- (no CPE)range: < 20190923_16.32-3.18.2
- (no CPE)range: < 13.0.8~dev164-3.37.4
- (no CPE)range: < 13.0.8~dev164-3.37.4
- (no CPE)range: < 12.0.1~dev29-3.25.3
- (no CPE)range: < 12.0.1~dev29-3.25.3
- (no CPE)range: < 16.1.9~dev92-3.48.5
- (no CPE)range: < 16.1.9~dev92-3.48.5
- (no CPE)range: < 18.3.1~dev82-3.37.6
- (no CPE)range: < 16.1.9~dev92-3.48.5
- (no CPE)range: < 18.3.1~dev82-3.37.6
- (no CPE)range: < 16.1.9~dev92-3.48.5
- (no CPE)range: < 16.1.9~dev92-3.48.5
- (no CPE)range: < 16.1.9~dev92-3.48.5
- (no CPE)range: < 1.11.29-3.25.1
- (no CPE)range: < 1.11.29-3.25.1
- (no CPE)range: < 1.11.29-3.25.3
- (no CPE)range: < 1.8.19-3.29.1
- (no CPE)range: < 1.11.29-3.25.3
- (no CPE)range: < 1.11.29-3.25.3
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 0.20.0-6.3.3
- (no CPE)range: < 0.20.0-6.3.3
- (no CPE)range: < 0.20.0-6.3.3
- (no CPE)range: < 1.4.34-3.3.3
- (no CPE)range: < 1.8.1-11.16.2
- (no CPE)range: < 1.4.34-3.3.3
- (no CPE)range: < 1.5.4-3.3.2
- (no CPE)range: < 1.4.34-3.3.3
- (no CPE)range: < 1.5.4-3.3.2
- (no CPE)range: < 4.0.2-5.9.2
- (no CPE)range: < 4.0.2-5.9.2
- (no CPE)range: < 4.5.0-4.6.2
- (no CPE)range: < 4.0.2-5.9.2
- (no CPE)range: < 4.5.0-4.6.2
- (no CPE)range: < 1.0.18-1.3.3
- (no CPE)range: < 1.0.18-1.3.3
- (no CPE)range: < 1.0.18-1.3.2
- (no CPE)range: < 1.0.18-1.3.3
- (no CPE)range: < 1.0.18-1.3.2
- (no CPE)range: < 0.1.2-3.4.2
- (no CPE)range: < 0.1.2-3.3.2
- (no CPE)range: < 0.1.2-4.3.2
- (no CPE)range: < 5.1.1~dev7-12.32.3
- (no CPE)range: < 5.1.1~dev7-12.32.3
- (no CPE)range: < 5.0.2~dev3-12.33.3
- (no CPE)range: < 5.0.2~dev3-12.33.3
- (no CPE)range: < 7.0.1~dev24-3.23.1
- (no CPE)range: < 9.0.8~dev7-12.30.3
- (no CPE)range: < 9.0.8~dev7-12.30.3
- (no CPE)range: < 11.2.3~dev29-14.34.2
- (no CPE)range: < 11.2.3~dev29-14.34.2
- (no CPE)range: < 13.0.10~dev20-3.26.1
- (no CPE)range: < 5.0.3~dev7-12.31.3
- (no CPE)range: < 5.0.3~dev7-12.31.3
- (no CPE)range: < 7.0.2~dev2-3.23.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.28.3
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.28.3
- (no CPE)range: < 15.0.3~dev3-12.31.3
- (no CPE)range: < 15.0.3~dev3-12.31.3
- (no CPE)range: < 17.0.1~dev30-3.21.1
- (no CPE)range: < 9.0.8~dev22-12.33.2
- (no CPE)range: < 9.0.8~dev22-12.33.2
- (no CPE)range: < 11.0.4~dev4-3.23.1
- (no CPE)range: < 12.0.5~dev6-14.36.6
- (no CPE)range: < 14.1.1~dev11-4.27.3
- (no CPE)range: < 12.0.5~dev6-14.36.3
- (no CPE)range: < 9.1.8~dev8-12.33.3
- (no CPE)range: < 9.1.8~dev8-12.33.3
- (no CPE)range: < 11.1.5~dev17-4.21.2
- (no CPE)range: < 12.0.4~dev11-11.35.3
- (no CPE)range: < 12.0.4~dev11-11.35.3
- (no CPE)range: < 14.2.1~dev4-3.24.3
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.32.2
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.32.2
- (no CPE)range: < 7.2.1~dev1-4.23.1
- (no CPE)range: < 5.1.1~dev5-12.37.3
- (no CPE)range: < 5.1.1~dev5-12.37.3
- (no CPE)range: < 7.4.2~dev60-3.29.1
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.28.3
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.28.3
- (no CPE)range: < 1.8.2~dev3-3.23.2
- (no CPE)range: < 2.2.2~dev1-11.28.3
- (no CPE)range: < 2.2.2~dev1-11.28.3
- (no CPE)range: < 2.7.1~dev10-3.21.1
- (no CPE)range: < 4.0.2~dev2-12.28.3
- (no CPE)range: < 4.0.2~dev2-12.28.3
- (no CPE)range: < 11.0.9~dev69-13.38.3
- (no CPE)range: < 11.0.9~dev69-13.38.3
- (no CPE)range: < 13.0.8~dev164-6.27.3
- (no CPE)range: < 16.1.9~dev92-11.36.3
- (no CPE)range: < 16.1.9~dev92-11.36.3
- (no CPE)range: < 18.3.1~dev82-3.27.3
- (no CPE)range: < 1.0.6~dev3-12.33.3
- (no CPE)range: < 1.0.6~dev3-12.33.3
- (no CPE)range: < 3.2.3~dev7-4.23.1
- (no CPE)range: < 7.0.5~dev4-11.32.3
- (no CPE)range: < 7.0.5~dev4-11.32.3
- (no CPE)range: < 9.0.2~dev15-3.23.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.23.3
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.23.3
- (no CPE)range: < 2.19.2~dev48-2.18.1
- (no CPE)range: < 8.0.2~dev2-11.32.3
- (no CPE)range: < 8.0.2~dev2-11.32.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xgxc-v2qg-chmhghsaADVISORY
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/mitrevendor-advisoryx_refsource_FEDORA
nvd.nist.gov/vuln/detail/CVE-2021-28658ghsaADVISORY
docs.djangoproject.com/en/3.1/releases/securityghsaWEB
docs.djangoproject.com/en/3.1/releases/security/mitrex_refsource_MISC
github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2021-6.yamlghsaWEB
groups.google.com/g/django-announce/c/ePr5j-ngdPUghsax_refsource_MISCWEB
lists.debian.org/debian-lts-announce/2021/04/msg00008.htmlghsamailing-listx_refsource_MLISTWEB
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUEghsaWEB
pypi.org/project/DjangoghsaWEB
security.netapp.com/advisory/ntap-20210528-0001ghsaWEB
security.netapp.com/advisory/ntap-20210528-0001/mitrex_refsource_CONFIRM
www.djangoproject.com/weblog/2021/apr/06/security-releasesghsaWEB
www.djangoproject.com/weblog/2021/apr/06/security-releases/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000