2037028 – (CVE-2021-45452) CVE-2021-45452 django: Potential directory-traversal via Storage.save()

Bug 2037028 (CVE-2021-45452) - CVE-2021-45452 django: Potential directory-traversal via Storage.save()

Summary: CVE-2021-45452 django: Potential directory-traversal via Storage.save()

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-45452
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2037170 2037171 2042569 2042570 2042571 2037172 2037173 2037174 2037175 2037753 2037754 2050718 2050745
Blocks:	2037030
TreeView+	depends on / blocked

Reported:	2022-01-04 16:55 UTC by Pedro Sampaio
Modified:	2022-07-05 20:41 UTC (History)
CC List:	59 users (show)
Fixed In Version:	Django 4.0.1, Django 3.2.11, Django 2.2.26
Doc Type:	If docs needed, set a value
Doc Text:	A directory-traversal flaw was found in Django's Storage.save() method, where a network attacker could possibly traverse restricted paths using suitably crafted file names.
Clone Of:
Environment:
Last Closed:	2022-07-05 20:41:25 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:5498	0	None	None	None	2022-07-05 14:27:14 UTC

Description Pedro Sampaio 2022-01-04 16:55:40 UTC

Storage.save() allowed directory-traversal if directly passed suitably crafted file names.

References:

https://www.djangoproject.com/weblog/2022/jan/04/security-releases/

Comment 1 Summer Long 2022-01-05 06:57:52 UTC

Created django:1.6/python-django tracking bugs for this issue:

Affects: fedora-all [bug 2037170]


Created python-django tracking bugs for this issue:

Affects: epel-all [bug 2037171]
Affects: fedora-all [bug 2037174]
Affects: openstack-rdo [bug 2037172]

Comment 3 Summer Long 2022-01-06 00:07:02 UTC

Upstream commit: https://github.com/django/django/commit/e1592e0f26302e79856cc7f2218ae848ae19b0f6

Comment 9 errata-xmlrpc 2022-07-05 14:27:10 UTC

This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2022:5498 https://access.redhat.com/errata/RHSA-2022:5498

Comment 10 Product Security DevOps Team 2022-07-05 20:41:21 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-45452

Note You need to log in before you can comment on or make changes to this bug.

amctagga
anharris
apevec
bbuckingham
bcoca
bcourt
bkearney
bniver
btotty
caswilli
cmeyers
davidn
dbecker
ehelms
flucifre
gblomqui
gmeno
hvyas
jal233
jcammara
jhardy
jjoyce
jobarker
jschluet
jsherril
jwong
kaycoth
lhh
lpeer
lzap
mabashia
mbenjamin
mburns
mhackett
mhroncok
mhulan
michel
mmccune
mrunge
myarboro
nmoumoul
notting
orabin
osapryki
pcreech
rchan
rdopiera
relrod
rhos-maint
rpetrell
sclewis
sdoran
sgallagh
slavek.kabrda
slinaber
smcdonal
sostapov
tkuratom
vereddy