Directory Traversal Vulnerability in Django MultiPartParser, UploadedFile, and FieldFile

CVE-2021-31542 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

Learn more about our Web Application Penetration Testing UK.