CVE-2021-3281

Posted on 2021년 2월 2일2021년 2월 2일 by admin

CVE-2021-3281

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp –template" and "startproject –template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.

Source: CVE-2021-3281

답글 남기기 응답 취소