You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 22, 2024. It is now read-only.
Introduced through
django@3.2.18, django-haystack@3.1.1 and others
Fixed in
django@3.2.19, @4.1.9, @4.2.1
Exploit maturity
No known exploit
Detailed paths and remediation
Introduced through: project@0.0.0 › django@3.2.18
Fix: Upgrade django to version 3.2.19 or 4.1.9 or 4.2.1
Introduced through: project@0.0.0 › django-haystack@3.1.1 › django@3.2.18
Fix: Pin django to version 3.2.19 or 4.1.9 or 4.2.1
Introduced through: project@0.0.0 › django-mptt@0.13.4 › django-js-asset@2.0.0 › django@3.2.18
Fix: Pin django to version 3.2.19 or 4.1.9 or 4.2.1
Security information
Factors contributing to the scoring:
Snyk: [CVSS 5.3](https://security.snyk.io/vuln/SNYK-PYTHON-DJANGO-5496950) - Medium Severity
NVD: Not available. NVD has not yet published its analysis.
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single forms.FileField or forms.ImageField.
Action items:
Upgrade django to version 3.2.19 or 4.1.9 or 4.2.1 Completion criteria:
Vulnerability no longer flagged in snyk
The text was updated successfully, but these errors were encountered:
Introduced through
django@3.2.18, django-haystack@3.1.1 and others
Fixed in
django@3.2.19, @4.1.9, @4.2.1
Detailed paths and remediation
Introduced through: project@0.0.0 › django-haystack@3.1.1 › django@3.2.18
Fix: Pin django to version 3.2.19 or 4.1.9 or 4.2.1
Introduced through: project@0.0.0 › django-mptt@0.13.4 › django-js-asset@2.0.0 › django@3.2.18
Fix: Pin django to version 3.2.19 or 4.1.9 or 4.2.1
Security information
Factors contributing to the scoring:
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
Affected versions of this package are vulnerable to Arbitrary File Upload by bypassing of validation of all but the last file when uploading multiple files using a single forms.FileField or forms.ImageField.
Action items:
Completion criteria:
The text was updated successfully, but these errors were encountered: