diff options
| author | Florian Apolloner <florian@apolloner.eu> | 2021-12-17 21:07:50 +0100 |
|---|---|---|
| committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2022-01-04 10:20:31 +0100 |
| commit | 4cb35b384ceef52123fc66411a73c36a706825e1 (patch) | |
| tree | 1bd0e98713c96e81e1c93d60509c3548291b30a6 /docs/releases | |
| parent | c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (diff) | |
[2.2.x] Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
Thanks to Dennis Brinkrolf for the report.
Diffstat (limited to 'docs/releases')
| -rw-r--r-- | docs/releases/2.2.26.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/releases/2.2.26.txt b/docs/releases/2.2.26.txt index 2ed9b32119..7fbdc02089 100644 --- a/docs/releases/2.2.26.txt +++ b/docs/releases/2.2.26.txt @@ -36,3 +36,12 @@ As a reminder, all untrusted user input should be validated before use. This issue has severity "low" according to the :ref:`Django security policy <security-disclosure>`. + +CVE-2021-45452: Potential directory-traversal via ``Storage.save()`` +==================================================================== + +``Storage.save()`` allowed directory-traversal if directly passed suitably +crafted file names. + +This issue has severity "low" according to the :ref:`Django security policy +<security-disclosure>`. |