Directory Traversal Vulnerability in Django MultiPartParser, UploadedFile, and FieldFile
CVE-2021-31542 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Learn more about our Web Application Penetration Testing UK.