codingjoe django-s3file
- <= 7.0.1
A relative path traversal vulnerability has been identified in the S3FileMiddleware component of django-s3file, a file upload input tool for Django and Amazon S3. This vulnerability exists in versions of django-s3file through 7.0.1. It allows attackers to manipulate requests to escape pre-signed upload locations, causing the Django application to load files from arbitrary locations into request.FILES. Depending on the application's file handling procedures, this could result in confidentiality and integrity issues.
Exploitation of this vulnerability allows for relative path traversal, enabling attackers to load files from arbitrary locations into request.FILES. This could lead to significant confidentiality and integrity issues, depending on how the uploaded files are processed by the application.
Users are advised to update to django-s3file version 7.0.2 or later.
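The defensive control at the heart of this advisory is a containment check: any object key the client hands back must still sit inside the pre-signed upload location after path normalisation, otherwise it must not be loaded into request.FILES. The following is an added illustration of that check, not django-s3file's own code or its fix; the function names, the prefix "tmp/s3file" and the sample keys are constructed for this example.

```python
import posixpath

# Constructed upload location, standing in for whatever prefix a
# pre-signed upload policy restricts the client to (not the project's real default).
UPLOAD_PREFIX = "tmp/s3file"

# Constructed sample of keys a client might submit back to the middleware.
SAMPLE_KEYS = [
    "tmp/s3file/abc123/report.pdf",          # legitimate upload
    "tmp/s3file/./abc123/./photo.jpg",       # harmless dot segments
    "tmp/s3file/../../private/secret.txt",   # escapes the prefix via ..
    "tmp/s3filex/evil.txt",                  # prefix-shadowing sibling
    "/tmp/s3file/abc123/report.pdf",         # absolute key, never expected
    "tmp/s3file",                            # the prefix itself, no object name
]


def is_key_within_prefix(key: str, allowed_prefix: str) -> bool:
    """Return True only if `key`, once normalised, names an object strictly
    below `allowed_prefix`. Keys are compared in their decoded, POSIX form."""
    if not key or key.startswith("/") or "\\" in key or "\x00" in key:
        return False
    prefix = allowed_prefix.strip("/") + "/"
    # normpath collapses "." and ".." segments; a key that climbs out of the
    # prefix will no longer start with it (or will keep a leading "../").
    normalised = posixpath.normpath(key)
    # Require the trailing "/" so "tmp/s3filex" cannot match "tmp/s3file",
    # and require at least one character after it so the bare prefix is rejected.
    return normalised.startswith(prefix) and len(normalised) > len(prefix)


def filter_submitted_keys(keys, allowed_prefix: str):
    """Split submitted keys into those safe to resolve and those to reject.
    A middleware would only fetch the accepted list into request.FILES."""
    accepted, rejected = [], []
    for key in keys:
        (accepted if is_key_within_prefix(key, allowed_prefix) else rejected).append(key)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = filter_submitted_keys(SAMPLE_KEYS, UPLOAD_PREFIX)
    print("accepted:", ok)
    print("rejected:", bad)
```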