VYPR
Moderate severityNVD Advisory· Published Feb 2, 2021· Updated Aug 3, 2024

CVE-2021-3281

CVE-2021-3281

Description

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
DjangoPyPI
>= 2.2, < 2.2.182.2.18
DjangoPyPI
>= 3.1, < 3.1.63.1.6
DjangoPyPI
>= 3.0, < 3.0.123.0.12

Affected products

82

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.