Showing 1 - 3 of 3

CVE-2021-28658

Status Candidate

Overview

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

Related Files

Red Hat Security Advisory 2021-5070-02: Posted Dec 10, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-5070-02 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.; tags | advisory, remote, local, vulnerability, python, file inclusion; systems | linux, redhat; advisories | CVE-2021-28658, CVE-2021-31542, CVE-2021-3281, CVE-2021-33203, CVE-2021-33571; SHA-256 | ffda29beeea0e12945c6104476712c3a616df43c26b412c9ebce4eee73c3f2a8; Download | Favorite | View

Red Hat Security Advisory 2021-4702-01: Posted Nov 17, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4702-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include XML injection, code execution, denial of service, information leakage, local file inclusion, man-in-the-middle, memory leak, open redirection, password leak, remote file inclusion, remote shell upload, and traversal vulnerabilities.; tags | advisory, remote, denial of service, shell, local, vulnerability, code execution, memory leak, file inclusion; systems | linux, redhat; advisories | CVE-2019-14853, CVE-2019-14859, CVE-2019-25025, CVE-2020-14343, CVE-2020-26247, CVE-2020-8130, CVE-2020-8908, CVE-2021-20256, CVE-2021-21330, CVE-2021-22885, CVE-2021-22902, CVE-2021-22904, CVE-2021-28658, CVE-2021-29509, CVE-2021-31542, CVE-2021-32740, CVE-2021-33203, CVE-2021-33503, CVE-2021-33571, CVE-2021-3413, CVE-2021-3494; SHA-256 | 8add47f95e7029cc9b29e159ddcedaf8b823cd7f438afa063e0aa09ebed5c91a; Download | Favorite | View

Ubuntu Security Notice USN-4902-1: Posted Apr 6, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4902-1 - Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2021-28658; SHA-256 | 2fb40698adaa4bed99b71e8648084646de91e6b714f5ce5948c518eead6b35f9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2021-28658

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems