django/traversal.tar at stable/2.2.x

mirror of https://github.com/django/django.git synced 2025-07-14 06:39:24 +00:00

Mariusz Felisiak 21e7622dec [2.2.x] Fixed CVE-2021-3281 -- Fixed potential directory-traversal via archive.extract().

Thanks Florian Apolloner, Shai Berger, and Simon Charette for reviews.

Thanks Wang Baohua for the report.

Backport of 05413afa8c18cdb978fcdf470e09f7a12b234a23 from master.

2021-02-01 09:14:54 +01:00

10 KiB

Raw Permalink History

View Raw

10 KiB Raw Permalink History

10 KiB

Raw Permalink History