VYPR

Django S3file

by Codingjoe

Source repositories

CVEs (2)

  • CVE-2026-42196CriMay 12, 2026
    risk 0.57cvss epss 0.01

    django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load…

  • CVE-2022-24840Jun 6, 2022
    risk 0.00cvss epss 0.02

    django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location…