BIT-django-2021-45452

BIT-django-2021-45452 PUBLISHED CVSS 5.300000190734863 MEDIUM

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Azure	storage
Bitnami	django	3.2.0, 4.0.0, 2.2.0

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

https://docs.djangoproject.com/en/4.0/releases/security/ url
https://groups.google.com/forum/#%21forum/django-announce url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ url
https://security.netapp.com/advisory/ntap-20220121-0005/ url
https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ url
https://nvd.nist.gov/vuln/detail/CVE-2021-45452 url

Open in Interactive Console →