Django
cpe:2.3:a:django_project:django:*:*:*:*:*:*:*
- < 6.0.3
- < 5.2.12
- < 4.2.29
- ~5.0
- ~4.1
- ~3.2
A race condition vulnerability has been identified in Django versions 6.0 prior to 6.0.3, 5.2 prior to 5.2.12, and 4.2 prior to 4.2.29. It affects the file-system storage and file-based cache backends, where concurrent requests can cause file system objects to be created with incorrect permissions. The umask is process-wide state rather than per-thread state, so in a multi-threaded server a temporary umask change made by one thread also applies to any files or directories that other threads create during that window. Unsupported Django versions, such as 5.0.x, 4.1.x, and 3.2.x, may also be vulnerable.
File system objects created during such a window can carry unintended permissions, potentially allowing unauthorized access to or modification of those files.
Users can upgrade to Django versions 6.0.3, 5.2.12, or 4.2.29 to address this vulnerability.
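To make the mechanism concrete, the following is an added illustration (not Django's code) of why a umask change in one thread leaks into others: the umask is process-wide, so a file created by a second thread while the first has temporarily cleared it ends up world-writable, whereas setting the mode explicitly on the open file descriptor does not depend on the umask at all. The function names and the temporary-directory layout are assumptions made for this example.

```python
import os
import stat
import tempfile
import threading

def create_under_temp_umask(path, started, release):
    """Risky pattern: widen the process-wide umask to get an exact mode on one object."""
    old = os.umask(0o000)
    try:
        started.set()   # umask is now 0 for EVERY thread in the process, not just this one
        release.wait()  # hold the window open so the race reproduces deterministically
        os.mkdir(path, 0o755)
    finally:
        os.umask(old)

def create_relying_on_umask(path):
    """Unrelated request: asks for 0o666 and trusts the umask to strip group/other bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    os.close(fd)

def create_with_exact_mode(path, mode):
    """Thread-safe alternative: leave the umask alone and set the mode on the open fd.
    A umask can only clear bits, so the file is never more permissive than `mode`."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.fchmod(fd, mode)
    finally:
        os.close(fd)

def demonstrate():
    """Permission bits observed during the race, after it, and with the exact-mode pattern."""
    base = tempfile.mkdtemp()
    saved = os.umask(0o077)  # a hardened process default: nothing for group/other
    started, release = threading.Event(), threading.Event()
    worker = threading.Thread(target=create_under_temp_umask,
                              args=(os.path.join(base, "dir"), started, release))
    try:
        worker.start()
        started.wait()
        create_relying_on_umask(os.path.join(base, "during"))      # world-writable!
        create_with_exact_mode(os.path.join(base, "safe"), 0o600)  # still private
        release.set()
        worker.join()
        create_relying_on_umask(os.path.join(base, "after"))       # umask restored
    finally:
        os.umask(saved)
    return {n: stat.S_IMODE(os.stat(os.path.join(base, n)).st_mode)
            for n in ("during", "after", "safe")}
```

Running `demonstrate()` on Linux returns 0o666 for the file created during the window, 0o600 for the one created afterwards, and 0o600 for the file given an explicit mode regardless of timing.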