CVE-2021-31542

{"id": "CVE-2021-31542", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-05-05T15:15:08.483", "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/05/04/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://docs.djangoproject.com/en/3.2/releases/security/", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d", "source": "[email protected]"}, {"url": "https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48", "source": "[email protected]"}, {"url": "https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007", "source": "[email protected]"}, {"url": "https://groups.google.com/forum/#%21forum/django-announce", "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/", "source": "[email protected]"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/", "source": "[email protected]"}, {"url": "https://security.netapp.com/advisory/ntap-20210618-0001/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.djangoproject.com/weblog/2021/may/04/security-releases/", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2021/05/04/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.djangoproject.com/en/3.2/releases/security/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/forum/#%21forum/django-announce", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20210618-0001/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.djangoproject.com/weblog/2021/may/04/security-releases/", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names."}, {"lang": "es", "value": "En Django versiones 2.2 anteriores a 2.2.21, versiones 3.1 anteriores a 3.1.9 y versiones 3.2 anteriores a 3.2.1, MultiPartParser, UploadedFile y FieldFile, permit\u00edan un salto de directorio por medio de archivos cargados con nombres de archivo cuidadosamente dise\u00f1ados"}], "lastModified": "2024-11-21T06:05:52.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13443AFD-6FA0-487D-8C84-068829D44AD0", "versionEndExcluding": "2.2.21", "versionStartIncluding": "2.2"}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D90DC9B2-CDD1-41E6-8745-29CDFE00CE1A", "versionEndExcluding": "3.1.9", "versionStartIncluding": "3.1"}, {"criteria": "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B014E657-30B7-4174-BAF4-F7C92435900A", "versionEndExcluding": "3.2.1", "versionStartIncluding": "3.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}