{
  "threat_severity" : "Moderate",
  "public_date" : "2021-04-06T08:00:00Z",
  "bugzilla" : {
    "description" : "django: potential directory-traversal via uploaded files",
    "id" : "1944801",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1944801"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-22",
  "details" : [ "In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.", "A flaw was found in Django. An attacker who can upload a file with a crafted file name (one containing path-traversal sequences) can exploit a flaw in the `MultiPartParser()` function to traverse directories. The built-in upload handlers are not affected; only other code that uses the file name produced by `MultiPartParser()` directly is exposed. The highest threat from this vulnerability is to confidentiality." ],
  "statement" : "Although Red Hat Ansible Tower ships the flawed code, it does not use the vulnerable function (\"MultiPartParser\") and therefore will not be updated.\nRed Hat Update Infrastructure (RHUI) ships an affected version of python-django; however, RHUI v3 is in its maintenance support phase, during which only Critical and Important severity flaws are fixed, and this flaw is rated Moderate. Please refer to the RHUI support lifecycle page for more information (https://access.redhat.com/support/policy/updates/rhui).\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-django package.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "release_date" : "2021-12-09T00:00:00Z",
    "advisory" : "RHSA-2021:5070",
    "cpe" : "cpe:/a:redhat:openstack:16.1::el8",
    "package" : "python-django20-0:2.0.13-16.el8ost.1"
  }, {
    "product_name" : "Red Hat Satellite 6.10 for RHEL 7",
    "release_date" : "2021-11-16T00:00:00Z",
    "advisory" : "RHSA-2021:4702",
    "cpe" : "cpe:/a:redhat:satellite:6.10::el7",
    "package" : "python3-django-0:2.2.24-1.el7pc"
  }, {
    "product_name" : "Red Hat Satellite 6.10 for RHEL 7",
    "release_date" : "2021-11-16T00:00:00Z",
    "advisory" : "RHSA-2021:4702",
    "cpe" : "cpe:/a:redhat:satellite_capsule:6.10::el7",
    "package" : "python3-django-0:2.2.24-1.el7pc"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 1.2",
    "fix_state" : "Affected",
    "package_name" : "django",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 1.2",
    "fix_state" : "Affected",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform"
  }, {
    "product_name" : "Red Hat Ansible Tower 3",
    "fix_state" : "Not affected",
    "package_name" : "django",
    "cpe" : "cpe:/a:redhat:ansible_tower:3"
  }, {
    "product_name" : "Red Hat Ceph Storage 2",
    "fix_state" : "Out of support scope",
    "package_name" : "calamari-server",
    "cpe" : "cpe:/a:redhat:ceph_storage:2"
  }, {
    "product_name" : "Red Hat Ceph Storage 2",
    "fix_state" : "Out of support scope",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:ceph_storage:2"
  }, {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Out of support scope",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Out of support scope",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Will not fix",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Affected",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Update Infrastructure 3 for Cloud Providers",
    "fix_state" : "Out of support scope",
    "package_name" : "python-django",
    "cpe" : "cpe:/a:redhat:rhui:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-28658\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-28658\nhttps://www.djangoproject.com/weblog/2021/apr/06/security-releases/" ],
  "name" : "CVE-2021-28658",
  "csaw" : false
}