diff options
Diffstat (limited to 'docs/releases/4.2.25.txt')
| -rw-r--r-- | docs/releases/4.2.25.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/releases/4.2.25.txt b/docs/releases/4.2.25.txt index 5412777055..7ba23c0132 100644 --- a/docs/releases/4.2.25.txt +++ b/docs/releases/4.2.25.txt @@ -15,3 +15,11 @@ CVE-2025-59681: Potential SQL injection in ``QuerySet.annotate()``, ``alias()``, to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the ``**kwargs`` passed to these methods (follow up to :cve:`2022-28346`). + +CVE-2025-59682: Potential partial directory-traversal via ``archive.extract()`` +=============================================================================== + +The ``django.utils.archive.extract()`` function, used by +:option:`startapp --template` and :option:`startproject --template`, allowed +partial directory-traversal via an archive with file paths sharing a common +prefix with the target directory (follow up to :cve:`2021-3281`). |