Now
MAIN commitmail json YAML
py-django3: updated to 3.2.15
Django 3.2.15 fixes a security issue with severity “high”
CVE-2022-36359: Potential reflected file download vulnerability in FileResponse¶
An application may have been vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename was derived from user-supplied input. The filename is now escaped to avoid this possibility.
Django 3.2.15 fixes a security issue with severity “high”
CVE-2022-36359: Potential reflected file download vulnerability in FileResponse¶
An application may have been vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename was derived from user-supplied input. The filename is now escaped to avoid this possibility.