Description
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
Remediation
References
Related Vulnerabilities
osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-1991)
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.11)
WordPress Plugin Simple Feature Requests Free Unspecified Vulnerability (1.0.4)
WordPress Plugin WP Table Builder-WordPress Table Cross-Site Scripting (1.4.6)