author    Natalia <124304+nessita@users.noreply.github.com>  2024-03-20 13:55:21 -0300
committer Natalia <124304+nessita@users.noreply.github.com>  2024-07-09 09:42:45 -0300
commit    6d36203648a7e14abc89b9aeb8ae9678535b51fb
tree      2f044c81d72f9668878495555d4ab92fbbdb9b32 /docs
parent    f5d16483f3abfd33e301fb5c2005b80bd6d05aaf
[5.1.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah Boyce for the reviews.
Diffstat (limited to 'docs')
-rw-r--r--  docs/releases/4.2.14.txt | 12
-rw-r--r--  docs/releases/5.0.7.txt  | 12
2 files changed, 24 insertions, 0 deletions
diff --git a/docs/releases/4.2.14.txt b/docs/releases/4.2.14.txt
index 556cff4437..dc20cd9f28 100644
--- a/docs/releases/4.2.14.txt
+++ b/docs/releases/4.2.14.txt
@@ -20,3 +20,15 @@ CVE-2024-39329: Username enumeration through timing difference for users with un
The :meth:`~django.contrib.auth.backends.ModelBackend.authenticate()` method
allowed remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
+
+CVE-2024-39330: Potential directory-traversal via ``Storage.save()``
+====================================================================
+
+Derived classes of the :class:`~django.core.files.storage.Storage` base class
+which override :meth:`generate_filename()
+<django.core.files.storage.Storage.generate_filename()>` without replicating
+the file path validations existing in the parent class, allowed for potential
+directory-traversal via certain inputs when calling :meth:`save()
+<django.core.files.storage.Storage.save()>`.
+
+Built-in ``Storage`` sub-classes were not affected by this vulnerability.
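Review bot: the new section describes the bug but not the fix, so someone maintaining a custom Storage subclass cannot tell from the note whether upgrading is sufficient or whether their generate_filename() override still needs changes; the commit title says extra file name validation was added to Storage.save() itself, so consider ending the section with a sentence stating that, before the "Built-in ``Storage`` sub-classes were not affected" line. Minor grammar point in the same paragraph: the comma in "the file path validations existing in the parent class, allowed for potential" separates the subject "Derived classes" from its verb and should be dropped.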
diff --git a/docs/releases/5.0.7.txt b/docs/releases/5.0.7.txt
index 53efe3766b..c09e2d7040 100644
--- a/docs/releases/5.0.7.txt
+++ b/docs/releases/5.0.7.txt
@@ -21,6 +21,18 @@ The :meth:`~django.contrib.auth.backends.ModelBackend.authenticate()` method
allowed remote attackers to enumerate users via a timing attack involving login
requests for users with unusable passwords.
+CVE-2024-39330: Potential directory-traversal via ``Storage.save()``
+====================================================================
+
+Derived classes of the :class:`~django.core.files.storage.Storage` base class
+which override :meth:`generate_filename()
+<django.core.files.storage.Storage.generate_filename()>` without replicating
+the file path validations existing in the parent class, allowed for potential
+directory-traversal via certain inputs when calling :meth:`save()
+<django.core.files.storage.Storage.save()>`.
+
+Built-in ``Storage`` sub-classes were not affected by this vulnerability.
+
Bugfixes
========
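Review bot: "via certain inputs when calling :meth:`save()`" is vaguer than the commit title, which identifies the input as the file name; consider "via certain file names passed to :meth:`save()`" so readers know which argument the validation concerns. The paragraph is a verbatim copy of the one added to 4.2.14.txt in the previous hunk, which is expected for a backported note, but any wording fix (including the subject-verb comma before "allowed") should be applied to both files in this commit.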