You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Introduced through
django@3.2.18, django-jinja@2.10.2 and others
Fixed in
django@3.2.19, @4.1.9, @4.2.1
Exploit maturity
No known exploit
Detailed paths and remediation
Introduced through: project@0.0.0 › django@3.2.18
Fix: Upgrade django to version 3.2.19 or 4.1.9 or 4.2.1
Introduced through: project@0.0.0 › django-jinja@2.10.2 › django@3.2.18
Fix: Pin django to version 3.2.19 or 4.1.9 or 4.2.1
Introduced through: project@0.0.0 › django-storages@1.7.1 › django@3.2.18
Fix: Pin django to version 3.2.19 or 4.1.9 or 4.2.1
…and 8 more
Security information
Factors contributing to the scoring:
Snyk: [CVSS 5.3](https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950) - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single forms.FileField or forms.ImageField.
Completion criteria
We have either remediated the vulnerability, or determined it does not affect us and the warning is snoozed
The text was updated successfully, but these errors were encountered:
Introduced through
django@3.2.18, django-jinja@2.10.2 and others
Fixed in
django@3.2.19, @4.1.9, @4.2.1
Detailed paths and remediation
Introduced through: project@0.0.0 › django-jinja@2.10.2 › django@3.2.18
Fix: Pin django to version 3.2.19 or 4.1.9 or 4.2.1
Introduced through: project@0.0.0 › django-storages@1.7.1 › django@3.2.18
Fix: Pin django to version 3.2.19 or 4.1.9 or 4.2.1
…and 8 more
Security information
Factors contributing to the scoring:
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single forms.FileField or forms.ImageField.
Completion criteria
The text was updated successfully, but these errors were encountered: