CVE-2021-33203
Published 2021-06-08
Priority P4 · 32 · medium · 4.9 CVSS 3.1
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.74% (84.3th percentile)
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.
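The root cause described above is a template name joined onto each template root without checking that the result stays inside that root, so a name containing `..` (or an absolute path) turns the existence check into an oracle for arbitrary files. The example below is added here and is not Django's own code: it contrasts the unchecked join with a simplified containment-checked join (`safe_join`, `SuspiciousFileOperation` and the sample tree are this example's own constructions, modelled on the idea of the fix rather than copied from it).

```python
import os
import tempfile
from pathlib import Path


class SuspiciousFileOperation(Exception):
    """Raised when a joined path would resolve outside its template root."""


def safe_join(base, *paths):
    """Join *paths onto base and refuse any result that escapes base.
    Simplified re-implementation of a containment check (assumption: not Django's code)."""
    base_path = os.path.abspath(base)
    # os.path.join discards base if a component is absolute; abspath collapses "..".
    final = os.path.abspath(os.path.join(base_path, *paths))
    # The trailing separator matters: without it "/srv/templates2/x" would pass a
    # plain prefix test against a root of "/srv/templates".
    if final != base_path and not final.startswith(base_path.rstrip(os.sep) + os.sep):
        raise SuspiciousFileOperation(
            "path %r resolves outside template root %r" % (final, base_path))
    return final


def template_exists_vulnerable(name, roots):
    """Pre-fix pattern: unchecked join, so '..' or an absolute name walks out of
    the root and the boolean result leaks whether an arbitrary file exists."""
    return any(os.path.exists(os.path.join(root, name)) for root in roots)


def template_exists_hardened(name, roots):
    """Fixed pattern: the containment check raises before any filesystem access,
    so the view can answer with an error instead of acting as an existence oracle."""
    return any(os.path.exists(safe_join(root, name)) for root in roots)


def build_sample_tree():
    """Constructed sample layout: one template root plus a file outside it."""
    tmp = tempfile.mkdtemp()
    root = os.path.join(tmp, "templates")
    os.makedirs(os.path.join(root, "admin"))
    Path(root, "admin", "base.html").write_text("<html></html>")
    os.makedirs(os.path.join(tmp, "outside"))
    Path(tmp, "outside", "secret.txt").write_text("not a template")
    return [root]


if __name__ == "__main__":
    roots = build_sample_tree()
    for name in ("admin/base.html", "admin/../admin/base.html", "../outside/secret.txt"):
        print(name, "| unchecked:", template_exists_vulnerable(name, roots), end=" | ")
        try:
            print("checked:", template_exists_hardened(name, roots))
        except SuspiciousFileOperation as exc:
            print("checked: rejected ->", exc)
```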
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < python-django 2:2.2.24-1 (bookworm) | python-django 2:2.2.24-1 (bookworm) |
| djangoproject | django | < 2.2.24 | 2.2.24 |
| djangoproject | django | >= 0 < 2.2.24 | 2.2.24 |
| djangoproject | django | >= 3.0 < 3.1.12 | 3.1.12 |
| djangoproject | django | >= 3.0.0 < 3.1.12 | 3.1.12 |
| djangoproject | django | >= 3.2 < 3.2.4 | 3.2.4 |
| djangoproject | django | >= 3.2.0 < 3.2.4 | 3.2.4 |
| fedoraproject | fedora | — | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_ubuntu | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 4.9 | MEDIUM | — |
| vendor_redhat | — | 4.9 | MEDIUM | — |
GHSA · 2021-06-10 · CVE-2021-33203 [MEDIUM] CWE-22 · Path Traversal in Django
OSV · 2021-06-10 · CVE-2021-33203 [MEDIUM] · Path Traversal in Django
OSV · 2021-06-08 · CVSS 4.9 · CVE-2021-33203 [MEDIUM] · CVE-2021-33203: Django before 2
OSV · 2021-06-07 · CVSS 4.9 · CVE-2021-33203 [MEDIUM] · python-django vulnerability
USN-4975-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly use this issue to determine the existence of arbitrary files and in certain configurations obtain their contents. (CVE-2021-33203)
OSV · 2021-06-02 · CVSS 6.1 · CVE-2021-32052 [MEDIUM] · python-django vulnerabilities
It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2021-32052)

Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly use this issue to determine the existence of arbitrary files and in certain configurations obtain their contents. (CVE-2021-33203)

It was discovered that Django incorrectly handled IPv4 addresses with leading zeros. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access
Ubuntu · 2021-06-07 · CVSS 4.9 · CVE-2021-33203 [MEDIUM] · Django vulnerability
Title: Django vulnerability
Summary: Several security issues were fixed in Django.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu · 2021-06-02 · CVSS 6.1 · CVE-2021-32052 [MEDIUM] · Django vulnerabilities
Title: Django vulnerabilities
Summary: Several security issues were fixed in Django.
Red Hat · 2021-06-02 · CVSS 4.9 · CVE-2021-33203 [MEDIUM] CWE-22 · django: Potential directory traversal via admindocs
A flaw was found in django. Staff members could use the django.contrib.admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs
Debian · 2021 · CVSS 4.9 · CVE-2021-33203 [MEDIUM] · python-django - Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential ...
Scope: local
bookworm: resolved (fixed in 2:2.2.24-1)
bullseye: resolved (fixed in 2:2.2.24-1)
forky: resolved (fixed in 2:2.2.24-1)
sid: resolved (fixed in 2:2.2.24-1)
trixie: resolved (fixed in 2:2.2.24-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://docs.djangoproject.com/en/3.2/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
- https://security.netapp.com/advisory/ntap-20210727-0004/
- https://www.djangoproject.com/weblog/2021/jun/02/security-releases/