summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/4.2.14.txt12
-rw-r--r--docs/releases/5.0.7.txt12
2 files changed, 24 insertions, 0 deletions
diff --git a/docs/releases/4.2.14.txt b/docs/releases/4.2.14.txt
index 556cff4437..dc20cd9f28 100644
--- a/docs/releases/4.2.14.txt
+++ b/docs/releases/4.2.14.txt
@@ -20,3 +20,15 @@ CVE-2024-39329: Username enumeration through timing difference for users with un
The :meth:`~django.contrib.auth.backends.ModelBackend.authenticate()` method
allowed remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
+
+CVE-2024-39330: Potential directory-traversal via ``Storage.save()``
+====================================================================
+
+Derived classes of the :class:`~django.core.files.storage.Storage` base class
+which override :meth:`generate_filename()
+<django.core.files.storage.Storage.generate_filename()>` without replicating
+the file path validations existing in the parent class, allowed for potential
+directory-traversal via certain inputs when calling :meth:`save()
+<django.core.files.storage.Storage.save()>`.
+
+Built-in ``Storage`` sub-classes were not affected by this vulnerability.
diff --git a/docs/releases/5.0.7.txt b/docs/releases/5.0.7.txt
index 53efe3766b..c09e2d7040 100644
--- a/docs/releases/5.0.7.txt
+++ b/docs/releases/5.0.7.txt
@@ -21,6 +21,18 @@ The :meth:`~django.contrib.auth.backends.ModelBackend.authenticate()` method
allowed remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
+CVE-2024-39330: Potential directory-traversal via ``Storage.save()``
+====================================================================
+
+Derived classes of the :class:`~django.core.files.storage.Storage` base class
+which override :meth:`generate_filename()
+<django.core.files.storage.Storage.generate_filename()>` without replicating
+the file path validations existing in the parent class, allowed for potential
+directory-traversal via certain inputs when calling :meth:`save()
+<django.core.files.storage.Storage.save()>`.
+
+Built-in ``Storage`` sub-classes were not affected by this vulnerability.
+
Bugfixes
========