An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat satellite
Redhat satellite Capsule |
|
CPEs | cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 |
|
Vendors & Products |
Redhat satellite
Redhat satellite Capsule |
Fri, 01 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sun, 08 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat ansible Automation Platform |
|
CPEs | cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 |
|
Vendors & Products |
Redhat
Redhat ansible Automation Platform |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-10T00:00:00
Updated: 2024-11-01T15:04:12.857Z
Reserved: 2024-06-23T00:00:00
Link: CVE-2024-39330
Vulnrichment
Updated: 2024-08-02T04:26:14.188Z
NVD
Status : Awaiting Analysis
Published: 2024-07-10T05:15:12.167
Modified: 2024-11-01T15:35:16.783
Link: CVE-2024-39330
Redhat