Path Traversal in Codingjoe Django-s3file
CVE-2026-42196
django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload location…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.000 (8.7th percentile) — read the EPSS interpretation.
Affected products
- Codingjoe Django-s3file — versions < 7.0.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)