PT-2025-40291 · Django+4

Stackered

Published 2025-10-01 · Updated 2026-01-03 · CVE-2025-59682

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Django versions 4.2 through 4.2.24
Django versions 5.1 through 5.1.12
Django versions 5.2 through 5.2.6

Description

The django.utils.archive.extract() function allows for potential directory traversal when handling archives with file paths that share a common prefix with the target directory. This issue affects the "startapp --template" and "startproject --template" commands.

Recommendations

Update to Django version 4.2.25 or later.
Update to Django version 5.1.13 or later.
Update to Django version 5.2.7 or later.
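As an added illustration (not Django's own code), the hypothetical helpers below show why a plain string-prefix containment check accepts the "shared common prefix" case the description refers to, and how a component-wise check rejects it; TARGET_DIR and the member names are constructed sample values, and the hardened check also covers ordinary parent-directory escapes.

```python
import os

# Constructed sample: the output directory a template archive is being
# extracted into, e.g. for "startproject --template".
TARGET_DIR = "/srv/build/myproject"


def is_within_naive(base: str, member: str) -> bool:
    """Flawed containment test: character-wise prefix comparison.

    A sibling directory whose name merely starts with the target
    directory's name (e.g. /srv/build/myproject_old) passes this check,
    so an archive member resolving there would be written outside the
    intended directory.
    """
    base = os.path.abspath(base)
    dest = os.path.abspath(os.path.join(base, member))
    return dest.startswith(base)


def is_within_hardened(base: str, member: str) -> bool:
    """Containment test that compares path components, not characters.

    os.path.commonpath() works on normalized components, so
    /srv/build/myproject_old shares only /srv/build with the target and
    is rejected. '..' segments and absolute member names collapse through
    abspath() and are rejected for the same reason.
    """
    base = os.path.abspath(base)
    dest = os.path.abspath(os.path.join(base, member))
    try:
        return os.path.commonpath([base, dest]) == base
    except ValueError:  # different drives on Windows: cannot be inside
        return False


def classify_members(base: str, members: list[str]) -> dict[str, tuple[bool, bool]]:
    """Return {member: (naive_verdict, hardened_verdict)} for each entry,
    which makes the disagreement between the two checks easy to audit."""
    return {m: (is_within_naive(base, m), is_within_hardened(base, m)) for m in members}
```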

Fix

Weakness Enumeration

Relative Path Traversal

Related identifiers

BDU:2025-12661
BIT-DJANGO-2025-59682
CVE-2025-59682
DLA-4324-1
ECHO-3ACC-85CC-F3E5
GHSA-Q95W-C7QG-HRFF
MGASA-2025-0243
OESA-2025-2378
OESA-2025-2379
OESA-2025-2460
OESA-2025-2461
OESA-2025-2462
OESA-2025-2463
OPENSUSE-SU-2025:15596-1
OPENSUSE-SU-2025:15598-1
OPENSUSE-SU-2025:20022-1
OPENSUSE-SU-2026:10005-1
SUSE-SU-2025:03446-1
USN-7794-1

Affected products

Debian
Django
Linuxmint
Red Os
Ubuntu