Vulnerability	Vulnerable Version
M Directory Traversal django-sendfile2 is an Abstraction to offload file uploads to web-server (e.g. Apache with mod_xsendfile) once Django has checked permissions etc. Affected versions of this package are vulnerable to Directory Traversal such that it is relying on the backend to correctly limit file paths to `SENDFILE_ROOT`. This is not the case for the simple and development backends, it is also not necessarily the case for any of the other backends either. Note: When upgrading, users will need to make sure `SENDFILE_ROOT` is set in the settings module if it wasn't already. How to fix Directory Traversal? Upgrade `django-sendfile2` to version 0.6.0 or higher.	[,0.6.0)
H Reflected File Download (RFD) django-sendfile2 is an Abstraction to offload file uploads to web-server (e.g. Apache with mod_xsendfile) once Django has checked permissions etc. Affected versions of this package are vulnerable to Reflected File Download (RFD) in the `sendfile()` function in `utils.py`. An attacker can cause the loading of a malicious file by supplying a crafted attachment filename. This is parallel to the vulnerability in Django described by CVE-2022-36359. How to fix Reflected File Download (RFD)? Upgrade `django-sendfile2` to version 0.7.0 or higher.	[,0.7.0)
M Directory Traversal django-sendfile2 is an Abstraction to offload file uploads to web-server (e.g. Apache with mod_xsendfile) once Django has checked permissions etc. Affected versions of this package are vulnerable to Directory Traversal. It relies on the backend to correctly limit file paths to `SENDFILE_ROOT`, which is not the case for the `simple` and `development` backends, and not necessarily the case for any of the other backends. How to fix Directory Traversal? Upgrade `django-sendfile2` to version 0.6.0 or higher.	[,0.6.0)

Go back to all versions of this package