Home > Vulnerability Database > WS-2020-0125

Mend.io Vulnerability Database

WS-2020-0125

Good to know:

Date: August 19, 2025

django-sendfile2 currently relies on the backend to correctly limit file paths to SENDFILE_ROOT. This is not the case for the simple and development backends, it is also not necessarily the case for any of the other backends either (it's just an assumption that was made by the original author).

Language: Python

Severity Score

8.6

Related Resources (4)

Url: https://github.com/moggers87/django-sendfile2

Url: https://github.com/moggers87/django-sendfile2/security/advisories/GHSA-6r3c-8xf3-ggrr

Url: https://github.com/moggers87/django-sendfile2/commit/f870c52398a55b9b5189932dd8caa24efb4bc1e1

Url: https://www.mend.io/vulnerability-database/WS-2020-0125

Severity Score

8.6

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Relative Path Traversal

CWE-23

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2020-0125

Good to know:

Date: August 19, 2025

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?