Unknown · Django-S3File · CVE-2022-24840
**Name of the Vulnerable Software and Affected Versions**
django-s3file versions prior to 5.5.1
**Description**
The issue allows an attacker to traverse the entire AWS S3 bucket and in most cases access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The problem was discovered by the maintainer, and there were no reports of it being known to or exploited by a third party before the release of the patch. An attacker may use a request with malicious form data to perform destructive operations.
**Recommendations**
For versions prior to 5.5.1, update to version 5.5.1 or above to fix the issue. There is no feasible workaround, and all users are urged to immediately update to a patched version. As a temporary measure, consider restricting access to sensitive files and locations in the AWS S3 bucket until the update is applied.
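To find projects that still pin an affected release, the following added example (not part of the advisory or of django-s3file) audits the text of a requirements file against the fixed version 5.5.1. The function names, the sample input and the `django-s3file-extras` package name in it are constructed for illustration.

```python
import re

PACKAGE = "django-s3file"   # package named in the advisory
FIXED = (5, 5, 1)           # first patched release per the advisory

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """Plain numeric version as a tuple padded to 3 parts, else None."""
    if not re.fullmatch(r"\d+(?:\.\d+)*", text.strip()):
        return None
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def audit(requirements_text):
    """Return (line_no, line, verdict) for each line naming the package.

    verdict is 'vulnerable', 'patched' or 'unpinned' (no plain numeric ==
    pin, so the version actually installed has to be checked separately).
    """
    findings = []
    for no, raw in enumerate(requirements_text.splitlines(), 1):
        line = raw.split("#", 1)[0]               # drop comments
        line = line.split(";", 1)[0].strip()      # drop environment markers
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$", line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        pin = re.fullmatch(r"==\s*(\S+)", m.group(3).strip())
        version = parse_version(pin.group(1)) if pin else None
        if version is None:
            verdict = "unpinned"
        else:
            verdict = "vulnerable" if version < FIXED else "patched"
        findings.append((no, raw.strip(), verdict))
    return findings

# Constructed sample input (not from the advisory).
SAMPLE = """\
Django==3.2.13
django-s3file==5.5.0
Django_S3File[dev]==5.5.1  # bumped
django-s3file>=5.0
django-s3file-extras==1.0
"""

if __name__ == "__main__":
    for no, line, verdict in audit(SAMPLE):
        print(f"line {no}: {verdict:10} {line}")
```

An `unpinned` result means the file alone cannot confirm the fix; check the version actually installed in that environment.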