CVE-2021-31542

Description

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 6.384

Associated Vulnerability

Vulnerability                                                                 OS Platform
Vulnerabilities CVE-2021-31542 are fixed in Python-django 2.2.21              Windows
Vulnerabilities CVE-2021-31542 are fixed in Python-django 3.1.9               Windows
Vulnerabilities CVE-2021-31542 are fixed in Python-django 3.2.1               Windows
Vulnerabilities CVE-2021-31542 are fixed in Python-django for linux 2.2.21    Linux
Vulnerabilities CVE-2021-31542 are fixed in Python-django for linux 3.1.9     Linux
Vulnerabilities CVE-2021-31542 are fixed in Python-django for linux 3.2.1     Linux

