CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

django-s3file is a lightweight file upload input for Django and Amazon S3. In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party prior to the release of the patch.

• https://github.com/codingjoe/django-s3file/commit/68ccd2c621a40eb66fdd6af2be9d5fcc9c373318
• https://github.com/codingjoe/django-s3file/security/advisories/GHSA-4w8f-hjm9-xwgf
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')