Vulnerabilities

CVE-2025-59682

by Fred · 01/10/2025

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the “startapp –template” and “startproject –template” commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.

More information : https://docs.djangoproject.com/en/dev/releases/security/

Similar

Tags: Cybersecurity Alert