VYPR
Moderate severityNVD Advisory· Published Apr 6, 2021· Updated Aug 3, 2024

CVE-2021-28658

CVE-2021-28658

Description

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 2.2a1, < 2.2.202.2.20
DjangoPyPI
>= 3.0a1, < 3.0.143.0.14
DjangoPyPI
>= 3.1a1, < 3.1.83.1.8

Affected products

164

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.