Directory traversal in Django
High severity
GitHub Reviewed
Published Jul 23, 2018 to the GitHub Advisory Database • Updated May 16, 2024
Package
Affected versions
>= 1.1.0, < 1.1.4
>= 1.2.0, < 1.2.5
Patched versions
1.1.4
1.2.5
Reviewed Jun 16, 2020
Description
Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
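The following is an added example, not code from Django or from the advisory. It shows why a session key taken from a cookie needs an allowlist check before it becomes part of a file name on Windows, where `/` is a path separator as well as `\`. It assumes the key is mapped to a file on disk, and the storage directory, prefix, key alphabet and function names are hypothetical.

```python
import ntpath  # Windows path rules, importable on any platform
import string

# Assumptions for illustration only; none of these values come from the advisory.
ALLOWED_KEY_CHARS = frozenset(string.ascii_lowercase + string.digits)
STORAGE_DIR = r"C:\app\sessions"
PREFIX = "session_"


class InvalidSessionKey(ValueError):
    """Raised when a cookie-supplied key is unsafe to use in a file name."""


def weak_check(key, sep=ntpath.sep):
    """Denylist check: rejects only the primary Windows separator (backslash)."""
    return sep not in key


def strict_check(key):
    """Allowlist check: non-empty and every character is in a known-safe set."""
    return bool(key) and all(c in ALLOWED_KEY_CHARS for c in key)


def splits_into_components(key):
    """True if Windows path rules treat PREFIX + key as more than one component."""
    name = PREFIX + key
    return ntpath.basename(name) != name


def key_to_path(key):
    """Map a session key to a file path directly inside STORAGE_DIR, or raise."""
    if not strict_check(key):
        raise InvalidSessionKey("session key contains disallowed characters")
    path = ntpath.normpath(ntpath.join(STORAGE_DIR, PREFIX + key))
    # Defense in depth: the result must sit directly inside the storage directory.
    if ntpath.dirname(path) != ntpath.normpath(STORAGE_DIR):
        raise InvalidSessionKey("session key resolves outside the storage directory")
    return path
```

A key containing `/` passes `weak_check` yet is split into separate path components by Windows, which is the gap the allowlist in `strict_check` closes.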