CVE-2021-45452: 
Django vulnerability analysis and mitigation

CVE-2021-45452 affects Django versions 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. The vulnerability was discovered by Dennis Brinkrolf and publicly disclosed on January 4, 2022. The issue allows directory traversal if crafted filenames are directly passed to Storage.save() function (Django Security, NVD).

The vulnerability has a CVSS v3.1 Base Score of 5.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. It is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and affects the Storage.save() functionality in Django (NVD, NetApp Advisory).

The successful exploitation of this vulnerability could lead to disclosure of sensitive information through directory traversal attacks. The severity is rated as 'low' according to Django's security policy (Django Security, NetApp Advisory).

The vulnerability has been patched in Django versions 4.0.1, 3.2.11, and 2.2.26. Users are encouraged to upgrade to these or newer versions as soon as possible. The fixes have been applied to Django's main branch and to the 4.0, 3.2, and 2.2 release branches (Django Security).