
Rasmus Lerchedahl Petersen

Researcher from CodeQL Python team
#39443 of 53,633
6.9 Total CVSS
Vulnerabilities · 1
PT-2021-4574
6.9
2021-05-19
Django · Django · CVE-2021-33203
**Name of the Vulnerable Software and Affected Versions**

Django versions 2.2.23 and earlier, 3.x versions prior to 3.1.12, 3.2.x versions prior to 3.2.4

**Description**

The issue is a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. If the default admindocs templates have been customized to show file contents, the file contents would also be exposed, allowing directory traversal outside the template root directories.

**Recommendations**

For Django versions 2.2.23 and earlier, update to version 2.2.24 or later. For Django 3.x versions prior to 3.1.12, update to version 3.1.12 or later. For Django 3.2.x versions prior to 3.2.4, update to version 3.2.4 or later. As a temporary workaround, consider restricting access to the TemplateDetailView view in django.contrib.admindocs until a patch is applied.
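As an added example (not Django's own code and not from the advisory), the unchecked "join then test existence" lookup pattern the description implies is shown beside a hardened lookup that discards any candidate whose resolved path leaves the template root it was joined to; the directory layout is constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path


def exists_unchecked(template_name, template_dirs):
    """Unchecked pattern: join and test existence, so '../' climbs out of root."""
    for root in template_dirs:
        if os.path.exists(os.path.join(root, template_name)):
            return True
    return False


def find_template(template_name, template_dirs):
    """Hardened lookup: resolve the joined path and keep it only if it is still
    inside the root it was joined to; escaping candidates are never probed."""
    for root in template_dirs:
        root_real = os.path.realpath(root)
        candidate = os.path.realpath(os.path.join(root_real, template_name))
        try:
            inside = os.path.commonpath([root_real, candidate]) == root_real
        except ValueError:  # e.g. different drives on Windows
            inside = False
        if inside and os.path.isfile(candidate):
            return candidate
    return None


def build_fixture():
    """Constructed layout: <tmp>/templates/admin/index.html is a real template;
    <tmp>/secret.txt sits outside the template root."""
    base = Path(tempfile.mkdtemp())
    tpl_root = base / "templates"
    (tpl_root / "admin").mkdir(parents=True)
    (tpl_root / "admin" / "index.html").write_text("<h1>ok</h1>")
    (base / "secret.txt").write_text("not a template")
    return str(tpl_root)


def demo():
    root = build_fixture()
    return {
        "legit_unchecked": exists_unchecked("admin/index.html", [root]),
        "escape_unchecked": exists_unchecked("../secret.txt", [root]),
        "legit_checked": find_template("admin/index.html", [root]) is not None,
        "escape_checked": find_template("../secret.txt", [root]),
    }
```

The unchecked lookup reports the file outside the root as existing, which is exactly the probe the advisory describes; the hardened one returns None for it while still finding the legitimate template.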