PT-2026-53420 · Pypi · Django-S3File
Published 2026-06-29 · Updated 2026-06-29
CVSS v4.0: 9.9 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N |
Impact
S3FileMiddleware is vulnerable to relative path traversal: an attacker can use a modified request to escape the pre-signed upload locations and have the Django application load files from arbitrary locations into request.FILES. Depending on how files are handled, this may lead to confidentiality and integrity issues.
Patches
Django-S3File urges all users to update to a patched version >=7.0.2.
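As defence in depth alongside the upgrade, code that handles client-submitted object keys can check that each key stays under the upload prefix before opening it. The sketch below is an added example, not Django-S3File's own code or its patch; the function names, the `tmp/uploads` prefix and the sample keys are assumptions constructed for illustration.

```python
"""Containment check for client-submitted object keys (illustrative sketch)."""


class UnsafeKeyError(ValueError):
    """Raised when a submitted key would leave the allowed upload prefix."""


def resolve_upload_key(submitted_key: str, upload_prefix: str) -> str:
    """Return the key unchanged if it lies strictly under upload_prefix.

    Hypothetical helper: rejects instead of normalizing, so a later layer
    that collapses '..' cannot reinterpret the key differently.
    """
    prefix = upload_prefix.strip("/")
    if not prefix:
        raise ValueError("upload_prefix must not be empty")
    # Backslashes and NUL bytes have no place in an upload key and are a
    # common way to smuggle separators past a '/'-based check.
    if "\x00" in submitted_key or "\\" in submitted_key:
        raise UnsafeKeyError("backslash or NUL byte in key")
    # Empty segments cover leading '/', trailing '/' and '//';
    # '.' and '..' are the relative traversal segments themselves.
    if any(seg in ("", ".", "..") for seg in submitted_key.split("/")):
        raise UnsafeKeyError("empty, '.' or '..' segment in key")
    # Compare against prefix + '/' so 'tmp/uploads-other/x' does not
    # pass as a child of 'tmp/uploads'.
    if not submitted_key.startswith(prefix + "/"):
        raise UnsafeKeyError("key is outside the upload prefix")
    return submitted_key


def partition_keys(keys, upload_prefix):
    """Split keys into (accepted, rejected) so rejections can be logged."""
    accepted, rejected = [], []
    for key in keys:
        try:
            accepted.append(resolve_upload_key(key, upload_prefix))
        except UnsafeKeyError as exc:
            rejected.append((key, str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample keys, not taken from the advisory.
    sample = ["tmp/uploads/abc/report.pdf",
              "tmp/uploads/../../private/settings.env",
              "tmp/uploads-other/x.txt"]
    print(partition_keys(sample, "tmp/uploads"))
```
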
Affected Products
Django-S3File