VYPR

PyPI package

django-s3file

pkg:pypi/django-s3file

Vulnerabilities (2)

  • CVE-2026-42196CriMay 12, 2026
    affected < 7.0.2fixed 7.0.2

    django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load fi

  • CVE-2022-24840Jun 6, 2022
    affected < 5.5.1fixed 5.5.1

    django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location o