diff options
Diffstat (limited to 'docs/releases/4.2.14.txt')
| -rw-r--r-- | docs/releases/4.2.14.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/releases/4.2.14.txt b/docs/releases/4.2.14.txt index 556cff4437..dc20cd9f28 100644 --- a/docs/releases/4.2.14.txt +++ b/docs/releases/4.2.14.txt @@ -20,3 +20,15 @@ CVE-2024-39329: Username enumeration through timing difference for users with un The :meth:`~django.contrib.auth.backends.ModelBackend.authenticate()` method allowed remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords. + +CVE-2024-39330: Potential directory-traversal via ``Storage.save()`` +==================================================================== + +Derived classes of the :class:`~django.core.files.storage.Storage` base class +which override :meth:`generate_filename() +<django.core.files.storage.Storage.generate_filename()>` without replicating +the file path validations existing in the parent class, allowed for potential +directory-traversal via certain inputs when calling :meth:`save() +<django.core.files.storage.Storage.save()>`. + +Built-in ``Storage`` sub-classes were not affected by this vulnerability. |