meta-openembedded

MIRRORS/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2025-07-19 15:29:08 +02:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Stefan Ghinea	660e62b645	python3-django: fix CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. References: https://nvd.nist.gov/vuln/detail/CVE-2021-28658 Upstream patches: `4036d62bda` Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>	2021-04-21 08:26:07 -07:00

Stefan Ghinea

660e62b645

python3-django: fix CVE-2021-28658

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-28658

Upstream patches:
4036d62bda

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>

2021-04-21 08:26:07 -07:00

1 Commits