CVE-2021-31542

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-31542
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31542.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-31542
Aliases
Downstream
Related
Published
2021-05-05T15:15:08.483Z
Modified
2026-02-19T07:34:39.103739Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
04ac1624bdc2fa737188401757cf95ced122d26d
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
25d84d64122c15050a0ee739e859f22ddab5ac48
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c98f446c188596d4ba6de71d1b77b4a6c5c2a007
Introduced
0b8a0296bfd30748f08021834e95cdae241686e8
Fixed
8284fd67b4310131d7230b8f475b6882787d1d42
Introduced
2a62cdcfec85938f40abb2e9e6a9ff497e02afe8
Fixed
ff1385ae45d267f455b1744fb39a9ab5de688d05
Introduced
3591e1c1acbd7c13174275367c3fdf012cb0413b
Fixed
c238ec5e90fa2053a24c9c860abeaf35eadb68d6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31542.json"

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
29360893df0931703cb2fe0c0fbc0fc963e64ead
Fixed
65b2eb9dfebe873e8ee5821f13d5a8c07d9c89c2

Affected versions

v3.*
v3.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31542.json"