diff options
Diffstat (limited to 'docs/releases/3.2.11.txt')
| -rw-r--r-- | docs/releases/3.2.11.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/releases/3.2.11.txt b/docs/releases/3.2.11.txt index e715ae866f..adff2d6d08 100644 --- a/docs/releases/3.2.11.txt +++ b/docs/releases/3.2.11.txt @@ -33,6 +33,11 @@ resolution logic, that will not call methods, nor allow indexing on dictionaries. As a reminder, all untrusted user input should be validated before use. +CVE-2021-45452: Potential directory-traversal via ``Storage.save()`` +==================================================================== + +``Storage.save()`` allowed directory-traversal if directly passed suitably +crafted file names. This issue has severity "low" according to the :ref:`Django security policy <security-disclosure>`. |