正文

Django 代码问题漏洞

admin
admin V管理员 /0 评论 /13 阅读
0304
此篇文章发布距今已超过1167天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Django 代码问题漏洞

  • CNNVD编号:CNNVD-202105-092
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2021-31542
  • 漏洞类型: 代码问题
  • 发布时间: 2021-05-04
  • 威胁类型: 远程
  • 更新时间: 2021-11-23
  • 厂        商:
  • 漏洞来源: Ubuntu

漏洞简介

Django是Django基金会的一套基于Python语言的开源Web应用框架。该框架包括面向对象的映射器、视图系统、模板系统等。

Django 存在代码问题漏洞,该漏洞源于在通过MultiPartParser、UploadedFile和FieldFile方法上传文件时,对文件的验证不足。以下产品及版本受到影响:Django: 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 2.2.17, 2.2.18, 2.2.19, 2.2.20, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.2 。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://ubuntu.com/security/notices/USN-4932-1?_ga=2.256534536.2023876064.1620270652-2089915127.1616724149

参考网址

来源:MLIST

链接:https://lists.debian.org/debian-lts-announce/2021/05/msg00005.html

来源:MISC

链接:https://groups.google.com/forum/#!forum/django-announce

来源:FEDORA

链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/

来源:MISC

链接:http://www.openwall.com/lists/oss-security/2021/05/04/3

来源:CONFIRM

链接:https://security.netapp.com/advisory/ntap-20210618-0001/

来源:MISC

链接:https://docs.djangoproject.com/en/3.2/releases/security/

来源:MISC

链接:https://www.djangoproject.com/weblog/2021/may/04/security-releases/

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021050411

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3919

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2117

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1522

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162445/Ubuntu-Security-Notice-USN-4932-1.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.3964

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/164991/Red-Hat-Security-Advisory-2021-4702-01.html

来源:access.redhat.com

链接:https://access.redhat.com/security/cve/cve-2021-31542

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1641

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1574

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2021-31542

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/162567/Ubuntu-Security-Notice-USN-4932-2.html

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Django-file-upload-35232

受影响实体

    暂无


补丁

  • Django Django 代码问题漏洞的修复措施
    <!--
    2021-5-4
    -->