Path traversal in Django - CVE-2013-4315


Published: September 16, 2013 / Updated: February 2, 2022


Vulnerability identifier: #VU42562
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-4315
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Django Software Foundation
Affected software:
Django

Detailed vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3. A remote attacker can send a specially crafted HTTP request and read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in an ssi template tag.
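The following added example (not Django's code and not from this advisory) illustrates the CWE-22 pattern the description refers to: a check that only compares the raw path's prefix against an allowed root accepts a path that begins inside the root and then climbs out with ".." segments, whereas a check that normalizes the path before comparison rejects it. The root directories and sample paths are constructed for the demonstration.

```python
import posixpath

# Constructed allowed roots for the demonstration (assumption, not from the advisory).
ALLOWED_INCLUDE_ROOTS = ("/srv/app/includes/", "/srv/app/snippets")


def naive_is_allowed(filepath, roots=ALLOWED_INCLUDE_ROOTS):
    """Prefix-only check on the raw path.

    Weak: a path that starts with an allowed root but continues with '..'
    segments passes this test and then resolves outside the root.
    """
    return any(filepath.startswith(root) for root in roots)


def hardened_is_allowed(filepath, roots=ALLOWED_INCLUDE_ROOTS):
    """Normalize first, then compare against each normalized root.

    normpath collapses '.', '..' and repeated separators, so traversal
    segments cannot move the resolved path out of an allowed root. Relative
    paths are rejected outright; on a real filesystem, os.path.realpath would
    additionally resolve symlinks before the comparison.
    """
    if not posixpath.isabs(filepath):
        return False
    resolved = posixpath.normpath(filepath)
    for root in roots:
        root_norm = posixpath.normpath(root)
        # Match the root itself or anything strictly below it; the trailing
        # separator prevents '/srv/app/includes_other' matching '/srv/app/includes'.
        if resolved == root_norm or resolved.startswith(root_norm + "/"):
            return True
    return False


def classify(paths):
    """Return {path: (naive_result, hardened_result)} for candidate include paths."""
    return {p: (naive_is_allowed(p), hardened_is_allowed(p)) for p in paths}


if __name__ == "__main__":
    samples = [
        "/srv/app/includes/header.html",               # legitimate include
        "/srv/app/includes/../../../etc/passwd",       # traversal: passes naive, fails hardened
        "/srv/app/includes_other/x.html",              # sibling directory, not an allowed root
        "/srv/app/snippets/../includes/footer.html",   # traversal that lands in another allowed root
    ]
    for path, (naive, hard) in classify(samples).items():
        print(f"{path:45} naive={naive!s:5} hardened={hard}")
```

The second sample is the shape the advisory describes: the string begins with a configured root, so a raw prefix comparison accepts it, but after normalization it resolves to /etc/passwd and the hardened check refuses it.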


How to mitigate CVE-2013-4315

Install the update from the vendor's website.

Sources