[Snyk: High] 2 Insecure Permissions vulnerabilites in Django (due 10/9/20) #4027
Comments
2 tasks
1 task
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Vulnerable module:
DjangoIntroduced through: django@2.2.13, django-storages@1.7.1 and others
No known exploit
Fixed in: 2.2.16, 3.0.10, 3.1.1
Overview
Affected versions of this package are vulnerable to Insecure Permissions. The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
https://app.snyk.io/vuln/SNYK-PYTHON-DJANGO-609369
Affected versions of this package are vulnerable to Insecure Permissions. On Python 3.7 and above, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
https://app.snyk.io/vuln/SNYK-PYTHON-DJANGO-609368
Completion criteria:
The text was updated successfully, but these errors were encountered: