Vulnerabilities > Djangoproject > Django > 2.2.19

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-32052 Cross-site Scripting vulnerability in multiple products
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used).
network
low complexity
djangoproject fedoraproject CWE-79
6.1
6.1
2021-05-05 CVE-2021-31542 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
network
low complexity
djangoproject debian fedoraproject CWE-22
7.5
7.5
2021-04-06 CVE-2021-28658 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names.
network
low complexity
djangoproject debian fedoraproject CWE-22
5.3
5.3