VDB
DEBIAN-CVE-2021-31542
DEBIAN-CVE-2021-31542
PUBLISHED
CVSS 7.5 HIGH
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | python-django | 0, 0, 0 |
| Debian:12 | python-django | 0, 0, 0 |
| Debian:11 | python-django | 0, 0, 0 |
| Debian:13 | python-django | 0, 0, 0 |
Timeline
- May 5, 2021 CVE Published
- Apr 28, 2026 CVE Updated