[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-39330":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":45,"downstream":46,"duplicates":81,"related":82,"reserved_at":9,"published_at":95,"modified_at":96,"state":97,"summary":98,"references_raw":107,"kevs":164,"epss":165,"epss_history":168,"metrics":436,"affected":453},"CVE-2024-39330","An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.)",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43,44],"GHSA-9jmf-237g-qf46","BIT-django-2024-39330","PYSEC-2024-58",[],[47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79],{"_key":48},"DLA-4458-1",{"_key":50},"SUSE-SU-2024:2545-1",{"_key":52},"SUSE-SU-2024:2577-1",{"_key":54},"OPENSUSE-SU-2024:0251-1",{"_key":56},"OPENSUSE-SU-2024:14203-1",{"_key":58},"OPENSUSE-SU-2024:14208-1",{"_key":60},"DSA-6136-1",{"_key":62},"OPENSUSE-SU-2026:10005-1",{"_key":64},"OPENSUSE-SU-2026:10125-1",{"_key":66},"UBUNTU-CVE-2024-39330",{"_key":68},"MGASA-2025-0039",{"_key":70},"USN-6888-1",{"_key":72},"USN-6888-2",{"_key":74},"DEBIAN-CVE-2024-39330",{"_key":76},"RHSA-2024:6428",{"_key":78},"RHSA-2024:8906",{"_key":80},"RHSA-2024:9481",[],[83,84,85,86,87,88,89,90,91,93],{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":62},{"_key":64},{"_key":68},{"_key":92},"CGA-HJG4-672P-6268",{"_key":94},"CGA-2QF2-J356-MX43","2024-07-10T00:00:00.000Z","2025-11-04T16:12:26.941Z","Modified",{"cisa_kev":99,"cisa_ransomware":99,"cisa_vendor":9,"epss_severity":100,"epss_score":101,"severity":102,"severity_score":103,"severity_version":104,"severity_source":105,"severity_vector":106,"severity_status":97},false,"low",0.00186,"medium",4.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",[108,116,121,126,130,135,139,143,147,152,156,160],{"url":109,"sources":110,"tags":113},"https://docs.djangoproject.com/en/dev/releases/security/",[105,111,112],"nvd","osv_pypi",[114,115],"Vendor Advisory","WEB",{"url":117,"sources":118,"tags":119},"https://groups.google.com/forum/#%21forum/django-announce",[105,111,112],[120,115],"Permissions Required",{"url":122,"sources":123,"tags":124},"https://www.djangoproject.com/weblog/2024/jul/09/security-releases/",[105,111,112],[114,125],"ARTICLE",{"url":127,"sources":128,"tags":129},"https://security.netapp.com/advisory/ntap-20240808-0005/",[105,111],[],{"url":131,"sources":132,"tags":133},"https://nvd.nist.gov/vuln/detail/CVE-2024-39330",[112],[134],"Advisory",{"url":136,"sources":137,"tags":138},"https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e",[112],[115],{"url":140,"sources":141,"tags":142},"https://github.com/django/django/commit/9f4f63e9ebb7bf6cb9547ee4e2526b9b96703270",[112],[115],{"url":144,"sources":145,"tags":146},"https://docs.djangoproject.com/en/dev/releases/security",[112],[115],{"url":148,"sources":149,"tags":150},"https://github.com/django/django",[112],[151],"PACKAGE",{"url":153,"sources":154,"tags":155},"https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2024-58.yaml",[112],[115],{"url":157,"sources":158,"tags":159},"https://security.netapp.com/advisory/ntap-20240808-0005",[112],[115],{"url":161,"sources":162,"tags":163},"https://www.djangoproject.com/weblog/2024/jul/09/security-releases",[112],[115],[],{"date":166,"score":101,"percentile":167},"2026-06-04",0.40212,[169,173,176,179,182,185,188,191,194,197,200,203,205,208,211,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,329,332,334,337,340,343,346,349,352,355,358,361,364,366,369,372,375,378,381,384,387,390,393,397,400,403,405,408,411,414,417,420,423,425,428,431,434],{"date":170,"score":171,"percentile":172},"2025-11-04",0.00137,0.34285,{"date":174,"score":171,"percentile":175},"2025-11-05",0.34274,{"date":177,"score":171,"percentile":178},"2025-11-06",0.34275,{"date":180,"score":171,"percentile":181},"2025-11-07",0.34293,{"date":183,"score":171,"percentile":184},"2025-11-08",0.34287,{"date":186,"score":171,"percentile":187},"2025-11-09",0.34268,{"date":189,"score":171,"percentile":190},"2025-11-10",0.34218,{"date":192,"score":171,"percentile":193},"2025-11-11",0.34246,{"date":195,"score":171,"percentile":196},"2025-11-12",0.34291,{"date":198,"score":171,"percentile":199},"2025-11-13",0.34308,{"date":201,"score":171,"percentile":202},"2025-11-14",0.34314,{"date":204,"score":171,"percentile":202},"2025-11-15",{"date":206,"score":171,"percentile":207},"2025-11-16",0.34286,{"date":209,"score":171,"percentile":210},"2025-11-17",0.34262,{"date":212,"score":213,"percentile":214},"2025-11-18",0.00279,0.48223,{"date":216,"score":213,"percentile":217},"2025-11-19",0.48238,{"date":219,"score":213,"percentile":220},"2025-11-20",0.48222,{"date":222,"score":171,"percentile":223},"2025-11-21",0.34294,{"date":225,"score":171,"percentile":226},"2025-11-22",0.34295,{"date":228,"score":171,"percentile":229},"2025-11-23",0.34261,{"date":231,"score":171,"percentile":232},"2025-11-24",0.34235,{"date":234,"score":171,"percentile":235},"2025-11-25",0.34231,{"date":237,"score":171,"percentile":238},"2025-11-26",0.34229,{"date":240,"score":171,"percentile":241},"2025-11-27",0.34239,{"date":243,"score":171,"percentile":244},"2025-11-28",0.3422,{"date":246,"score":101,"percentile":247},"2025-11-29",0.40583,{"date":249,"score":101,"percentile":250},"2025-11-30",0.40561,{"date":252,"score":101,"percentile":253},"2025-12-01",0.40682,{"date":255,"score":101,"percentile":256},"2025-12-02",0.40689,{"date":258,"score":101,"percentile":259},"2025-12-03",0.40691,{"date":261,"score":101,"percentile":262},"2025-12-04",0.40557,{"date":264,"score":101,"percentile":265},"2025-12-05",0.40586,{"date":267,"score":101,"percentile":268},"2025-12-06",0.40582,{"date":270,"score":101,"percentile":271},"2025-12-07",0.4056,{"date":273,"score":101,"percentile":274},"2025-12-08",0.40571,{"date":276,"score":101,"percentile":277},"2025-12-09",0.40611,{"date":279,"score":101,"percentile":280},"2025-12-10",0.40667,{"date":282,"score":101,"percentile":283},"2025-12-11",0.40695,{"date":285,"score":101,"percentile":286},"2025-12-12",0.40728,{"date":288,"score":101,"percentile":289},"2025-12-13",0.40706,{"date":291,"score":101,"percentile":292},"2025-12-14",0.40665,{"date":294,"score":101,"percentile":295},"2025-12-15",0.40646,{"date":297,"score":101,"percentile":298},"2025-12-16",0.40679,{"date":300,"score":101,"percentile":301},"2025-12-17",0.40718,{"date":303,"score":101,"percentile":304},"2025-12-18",0.40765,{"date":306,"score":101,"percentile":307},"2025-12-19",0.40781,{"date":309,"score":101,"percentile":310},"2025-12-20",0.40759,{"date":312,"score":101,"percentile":313},"2025-12-21",0.40722,{"date":315,"score":101,"percentile":316},"2025-12-22",0.40693,{"date":318,"score":101,"percentile":319},"2025-12-23",0.407,{"date":321,"score":101,"percentile":322},"2025-12-24",0.40716,{"date":324,"score":101,"percentile":325},"2025-12-25",0.40769,{"date":327,"score":101,"percentile":328},"2025-12-26",0.40747,{"date":330,"score":101,"percentile":331},"2025-12-27",0.40775,{"date":333,"score":101,"percentile":280},"2025-12-28",{"date":335,"score":101,"percentile":336},"2025-12-29",0.40641,{"date":338,"score":101,"percentile":339},"2025-12-30",0.40632,{"date":341,"score":101,"percentile":342},"2025-12-31",0.4068,{"date":344,"score":101,"percentile":345},"2026-01-01",0.40822,{"date":347,"score":101,"percentile":348},"2026-01-02",0.408,{"date":350,"score":101,"percentile":351},"2026-01-03",0.40794,{"date":353,"score":101,"percentile":354},"2026-01-04",0.40634,{"date":356,"score":101,"percentile":357},"2026-01-05",0.4061,{"date":359,"score":101,"percentile":360},"2026-01-06",0.40614,{"date":362,"score":101,"percentile":363},"2026-01-07",0.40636,{"date":365,"score":101,"percentile":292},"2026-01-08",{"date":367,"score":101,"percentile":368},"2026-01-09",0.40649,{"date":370,"score":101,"percentile":371},"2026-01-10",0.40651,{"date":373,"score":101,"percentile":374},"2026-01-11",0.40623,{"date":376,"score":101,"percentile":377},"2026-01-12",0.40576,{"date":379,"score":101,"percentile":380},"2026-01-13",0.40559,{"date":382,"score":101,"percentile":383},"2026-01-14",0.40607,{"date":385,"score":101,"percentile":386},"2026-01-15",0.40597,{"date":388,"score":101,"percentile":389},"2026-01-16",0.40618,{"date":391,"score":101,"percentile":392},"2026-01-17",0.40595,{"date":394,"score":395,"percentile":396},"2026-01-18",0.00192,0.41166,{"date":398,"score":395,"percentile":399},"2026-01-19",0.41134,{"date":401,"score":395,"percentile":402},"2026-01-20",0.41124,{"date":404,"score":395,"percentile":402},"2026-01-21",{"date":406,"score":395,"percentile":407},"2026-01-22",0.41114,{"date":409,"score":395,"percentile":410},"2026-01-23",0.41175,{"date":412,"score":395,"percentile":413},"2026-01-24",0.41188,{"date":415,"score":395,"percentile":416},"2026-01-25",0.41139,{"date":418,"score":101,"percentile":419},"2026-01-26",0.40475,{"date":421,"score":101,"percentile":422},"2026-01-27",0.40477,{"date":424,"score":101,"percentile":419},"2026-01-28",{"date":426,"score":101,"percentile":427},"2026-01-29",0.40457,{"date":429,"score":101,"percentile":430},"2026-01-30",0.40462,{"date":432,"score":101,"percentile":433},"2026-01-31",0.40473,{"date":435,"score":101,"percentile":377},"2026-02-01",[437,442,444],{"source":105,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":438,"cvss_v4_0":9},{"baseScore":103,"baseSeverity":439,"vectorString":106,"impactScore":440,"exploitabilityScore":441},"MEDIUM",2.3,7.2,{"source":111,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":443,"cvss_v4_0":9},{"baseScore":103,"baseSeverity":439,"vectorString":106,"impactScore":440,"exploitabilityScore":441},{"source":112,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":445,"cvss_v4_0":450},{"baseScore":446,"baseSeverity":9,"vectorString":447,"impactScore":448,"exploitabilityScore":449},7.5,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",6,10,{"baseScore":451,"baseSeverity":9,"vectorString":452,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",[454,472],{"ecosystem":9,"name":455,"vendor":456,"product":457,"cpe_part":458,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"Django","djangoproject","django","a",[460,468],{"version":461,"is_range":462,"range_type":463,"version_start":464,"version_start_type":465,"version_end":466,"version_end_type":467,"fixed_in":9},"gte4.2_lt4.2.14",true,"cpe","4.2","including","4.2.14","excluding",{"version":469,"is_range":462,"range_type":463,"version_start":470,"version_start_type":465,"version_end":471,"version_end_type":467,"fixed_in":9},"gte5.0_lt5.0.7","5.0","5.0.7",{"ecosystem":473,"name":457,"vendor":473,"product":457,"cpe_part":9,"purl_type":474,"purl_namespace":9,"purl_name":457,"source":9,"versions":475},"PyPI","pypi",[476,479],{"version":477,"is_range":462,"range_type":478,"version_start":470,"version_start_type":465,"version_end":471,"version_end_type":467,"fixed_in":9},"gte5_0_lt5_0_7","ecosystem",{"version":480,"is_range":462,"range_type":478,"version_start":464,"version_start_type":465,"version_end":466,"version_end_type":467,"fixed_in":9},"gte4_2_lt4_2_14"]