发布于3月6日3月6日 Members FreeBSD: VID-171AFA61-3EBA-11EF-A58F-080027836E8B (CVE-2024-39330): Django -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/01/2024 Created 07/12/2024 Added 07/10/2024 Modified 07/10/2024 Description An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.) Solution(s) freebsd-upgrade-package-py310-django42 freebsd-upgrade-package-py310-django50 freebsd-upgrade-package-py311-django42 freebsd-upgrade-package-py311-django50 freebsd-upgrade-package-py39-django42 References CVE-2024-39330
