vulnerability
FreeBSD: VID-171afa61-3eba-11ef-a58f-080027836e8b (CVE-2024-39330): Django -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jul 10, 2024 | Jul 10, 2024 | Jun 15, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jul 10, 2024
Added
Jul 10, 2024
Modified
Jun 15, 2026
Description
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)
Solutions
freebsd-upgrade-package-py39-django42freebsd-upgrade-package-py310-django42freebsd-upgrade-package-py311-django42freebsd-upgrade-package-py310-django50freebsd-upgrade-package-py311-django50
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.