1 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. • https://github.com/codingjoe/django-s3file/commit/68ccd2c621a40eb66fdd6af2be9d5fcc9c373318 https://github.com/codingjoe/django-s3file/security/advisories/GHSA-4w8f-hjm9-xwgf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •