Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-24583

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.

Related bugs and status

CVE-2020-24583 (Candidate) is related to these bugs:

Bug #1946890: Merge python-django from Debian unstable for 22.04

Summary				In	Importance	Status
	1946890	Merge python-django from Debian unstable for 22.04		python-django (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://docs.djangopro...
MISC: https://groups.google....
MISC: https://groups.google....
MISC: https://www.djangoproj...
MISC: https://www.openwall.c...
UBUNTU: USN-4479-1
FEDORA: FEDORA-2020-6941c0a65b
FEDORA: FEDORA-2020-94407454d7
CONFIRM: https://security.netap...
FEDORA: FEDORA-2020-9c6b391162
MISC: https://www.oracle.com...