vulnerability
Oracle Solaris 11: CVE-2021-33203 (11.4 SRU 35.94.4)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jun 8, 2021 | Jul 21, 2021 | Feb 17, 2022 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jun 8, 2021
Added
Jul 21, 2021
Modified
Feb 17, 2022
Description
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories.
Solutions
oracle-solaris-11-4-upgrade-library-python-django-2-2-24-11-4-35-0-1-94-2oracle-solaris-11-4-upgrade-library-python-django-37-2-2-24-11-4-35-0-1-94-2oracle-solaris-11-4-upgrade-library-python-django-39-2-2-24-11-4-35-0-1-94-2
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.