CVE-2021-31542

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-31542
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31542.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-31542
Aliases
Downstream
Related
Published
2021-05-05T15:15:08.483Z
Modified
2025-11-14T11:51:05.520670Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
04ac1624bdc2fa737188401757cf95ced122d26d
Fixed
25d84d64122c15050a0ee739e859f22ddab5ac48
Fixed
c98f446c188596d4ba6de71d1b77b4a6c5c2a007

Affected versions

1.*

1.0
1.1
1.2
1.2.1
1.3
1.4
1.7a1
1.7a2

2.*

2.2
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2a1
2.2b1
2.2rc1

3.*

3.1
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1a1
3.1b1
3.1rc1
3.2
3.2a1
3.2b1
3.2rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31542.json"