Debian Buster DLA-2675-1 Critical: Django Directory Traversal Issue
debian lts
May 6, 2021
It was discovered that there was potential directory-traversal vulnerability in Django, a popular Python-based web development framework
Summary
The MultiPartParser, UploadedFile and FieldFile classes allowed
directory-traversal via uploaded files with suitably crafted file
names. In order to mitigate this risk, stricter basename and path
sanitation is now applied. Specifically, empty file names and paths
with dot segments are rejected.
For Debian 9 "Stretch", this problem has been fixed in version
1:1.10.7-2+deb9u13.
We recommend that you upgrade your python-django packages.
For the detailed security status of python-django please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/python-django
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: python-django
Version: 1:1.10.7-2+deb9u13
CVE ID: CVE-2021-31542
Debian Bug: #988053
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!