CVE-2013-4315 — Path Traversal in Django

CWE-22 — Path Traversal12 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 23.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django

Timeline

PublishedSep 16

Latest updateMay 17

Description

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶PyPIdjangoproject/django1.4 — 1.4.7+1

▶NVDdjangoproject/django9 versions+8

Patches

Patch: www.djangoproject.com ↗Patch: www.djangoproject.com ↗

🔴Vulnerability Details

OSV

Django Directory Traversal via ssi template tag↗2022-05-17

▶

GHSA

Django Directory Traversal via ssi template tag↗2022-05-17

▶

OSV

CVE-2013-4315: Directory traversal vulnerability in Django 1↗2013-09-16

▶

CVEList

CVE-2013-4315: Directory traversal vulnerability in Django 1↗2013-09-16

▶

📋Vendor Advisories

Ubuntu

Django vulnerabilities↗2013-09-24

▶

Red Hat

python-django: directory traversal with "ssi" template tag↗2013-09-10

▶

Debian

CVE-2013-4315: python-django - Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5...↗2013

▶

💬Community

Bugzilla

CVE-2013-4315 Django14: python-django: directory traversal with "ssi" template tag [epel-6]↗2013-09-11

▶

Bugzilla

CVE-2013-4315 python-django: directory traversal with "ssi" template tag [fedora-all]↗2013-09-11

▶

Bugzilla

CVE-2013-4315 python-django14: python-django: directory traversal with "ssi" template tag [fedora-19]↗2013-09-11

▶

Bugzilla

CVE-2013-4315 python-django: directory traversal with "ssi" template tag↗2013-09-05

▶