PublicDateAtUSN: 2022-01-04 10:00:00 UTC
Candidate: CVE-2021-45452
CRD: 2022-01-04 10:00:00 UTC
PublicDate: 2022-01-05 00:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45452
 https://ubuntu.com/security/notices/USN-5204-1
Description:
 Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before
 4.0.1 allows directory traversal if crafted filenames are directly passed
 to it.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by: Dennis Brinkrolf
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]

Patches_python-django:
upstream_python-django: needs-triage
trusty/esm_python-django: needs-triage
esm-infra/xenial_python-django: needs-triage
bionic_python-django: released (1:1.11.11-1ubuntu1.15)
focal_python-django: released (2:2.2.12-1ubuntu0.9)
hirsute_python-django: released (2:2.2.20-1ubuntu0.4)
impish_python-django: released (2:2.2.24-1ubuntu1.2)
jammy_python-django: released (2:3.2.11-1)
devel_python-django: released (2:3.2.11-1)