vulnerability
FreeBSD: VID-002432c8-ef6a-11ea-ba8f-08002728f74c (CVE-2020-24584): Django -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Sep 5, 2020 | Sep 6, 2020 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 5, 2020
Added
Sep 6, 2020
Modified
Dec 10, 2025
Description
Django Release notes: CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+ On Python 3.7+, FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static directories when using the collectstatic management command. CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+ On Python 3.7+, the intermediate-level directories of the file system cache had the system's standard umask rather than 0o077 (no group or others permissions).
Solutions
freebsd-upgrade-package-py35-django22freebsd-upgrade-package-py36-django22freebsd-upgrade-package-py37-django22freebsd-upgrade-package-py38-django22freebsd-upgrade-package-py36-django30freebsd-upgrade-package-py37-django30freebsd-upgrade-package-py38-django30freebsd-upgrade-package-py36-django31freebsd-upgrade-package-py37-django31freebsd-upgrade-package-py38-django31
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.