CVE-2011-0698 — Path Traversal in Django

CWE-22 — Path Traversal6 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django

Timeline

PublishedFeb 14

Latest updateJul 23

Description

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶PyPIdjangoproject/django1.1 — 1.1.4+1

▶NVDdjangoproject/django9 versions+8

Patches

Patch: openwall.com ↗Patch: www.djangoproject.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

Directory traversal in Django↗2018-07-23

▶

OSV

Directory traversal in Django↗2018-07-23

▶

CVEList

CVE-2011-0698: Directory traversal vulnerability in Django 1↗2011-02-14

▶

OSV

CVE-2011-0698: Directory traversal vulnerability in Django 1↗2011-02-14

▶

📋Vendor Advisories

Debian

CVE-2011-0698: python-django - Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before ...↗2011

▶