An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
History

Thu, 14 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openstack
CPEs cpe:/a:redhat:openstack:18.0::el9
Vendors & Products Redhat openstack

Wed, 06 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite
Redhat satellite Capsule
CPEs cpe:/a:redhat:satellite:6.16::el8
cpe:/a:redhat:satellite:6.16::el9
cpe:/a:redhat:satellite_capsule:6.16::el8
cpe:/a:redhat:satellite_capsule:6.16::el9
Vendors & Products Redhat satellite
Redhat satellite Capsule

Fri, 01 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 08 Sep 2024 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat ansible Automation Platform
CPEs cpe:/a:redhat:ansible_automation_platform:2.4::el8
cpe:/a:redhat:ansible_automation_platform:2.4::el9
Vendors & Products Redhat
Redhat ansible Automation Platform

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-10T00:00:00

Updated: 2024-11-01T15:04:12.857Z

Reserved: 2024-06-23T00:00:00

Link: CVE-2024-39330

cve-icon Vulnrichment

Updated: 2024-08-02T04:26:14.188Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-10T05:15:12.167

Modified: 2024-11-21T09:27:28.523

Link: CVE-2024-39330

cve-icon Redhat

Severity : Low

Publid Date: 2024-07-09T14:00:00Z

Links: CVE-2024-39330 - Bugzilla