Homepage

django-sendfile2@0.6.0 vulnerabilities

Abstraction to offload file uploads to web-server (e.g. Apache with mod_xsendfile) once Django has checked permissions etc.

  • latest version

    0.7.1

  • latest non vulnerable version

    0.7.1

  • first published

    6 years ago

  • latest version published

    1 years ago

  • licenses detected

  • View django-sendfile2 package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the django-sendfile2 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Reflected File Download (RFD)

    django-sendfile2 is an Abstraction to offload file uploads to web-server (e.g. Apache with mod_xsendfile) once Django has checked permissions etc.

    Affected versions of this package are vulnerable to Reflected File Download (RFD) in the sendfile() function in utils.py. An attacker can cause the loading of a malicious file by supplying a crafted attachment filename. This is parallel to the vulnerability in Django described by CVE-2022-36359.

    How to fix Reflected File Download (RFD)?

    Upgrade django-sendfile2 to version 0.7.0 or higher.

    [,0.7.0)
    Go back to all versions of this package