|
Vulnerabilities
< Back

CVE-2025-59682

Updated on 01 Oct 2025

Severity

6.5 Medium severity

Details

CVSS score
6.5
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the “startapp –template” and “startproject –template” commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.

Details

Affected product:
Django
Affected packages:
django @ 4.2.22 (+4 more)
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the “startapp –template” and “startproject –template” commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.