CVE-2021-3281

django: Potential directory-traversal via archive.extract()

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.

En Django versiones 2.2 anteriores a 2.2.18, versiones 3.0 anteriores a 3.0.12 y versiones 3.1 anteriores a 3.1.6, el método django.utils.archive.extract (usado por "startapp --template" y "startproject --template") permite un salto de directorios por medio de un archivo con rutas absolutas o rutas relativas con segmentos de puntos

A flaw was found in django where the`django.utils.archive.extract()` function, used by `startapp --template` and `startproject --template`, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-22 CVE Reserved
2021-02-01 CVE Published
2021-07-05 First Exploit
2023-11-08 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (8)

URL	Tag	Source
https://groups.google.com/forum/#%21forum/django-announce	X_refsource_misc
https://security.netapp.com/advisory/ntap-20210226-0004	Third Party Advisory

URL	Date	SRC
https://github.com/lwzSoviet/CVE-2021-3281	2021-07-05

URL	Date	SRC
https://docs.djangoproject.com/en/3.1/releases/security	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YF52FKEH5S2P5CM4X7IXSYG67YY2CDOO	2023-11-07
https://www.djangoproject.com/weblog/2021/feb/01/security-releases	2023-11-07
https://access.redhat.com/security/cve/CVE-2021-3281	2021-12-09
https://bugzilla.redhat.com/show_bug.cgi?id=1919969	2021-12-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Djangoproject Search vendor "Djangoproject"		Django Search vendor "Djangoproject" for product "Django"				>= 2.2 < 2.2.18 Search vendor "Djangoproject" for product "Django" and version " >= 2.2 < 2.2.18"		-		Affected
Djangoproject Search vendor "Djangoproject"		Django Search vendor "Djangoproject" for product "Django"				>= 3.0 < 3.0.12 Search vendor "Djangoproject" for product "Django" and version " >= 3.0 < 3.0.12"		-		Affected
Djangoproject Search vendor "Djangoproject"		Django Search vendor "Djangoproject" for product "Django"				>= 3.1 < 3.1.6 Search vendor "Djangoproject" for product "Django" and version " >= 3.1 < 3.1.6"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Netapp Search vendor "Netapp"		Snapcenter Search vendor "Netapp" for product "Snapcenter"				-		-		Affected