CVE-2025-49143: Django Unauthenticated Serve Routing
Routing a URL pattern directly to Django's `django.views.static.serve` view exposes every file under the configured `document_root` without any access control: an unauthenticated client can request any file beneath that directory. `serve` normalises the requested path and rejects traversal outside `document_root`, so the exposure is bounded by that directory, but a media or upload root commonly holds user data, and Django documents `serve` as a development convenience that is not hardened for production use. Enforce authentication by wrapping `django.views.static.serve` in a custom view (for example one decorated with `login_required`) that performs the check before delegating to `serve`, or register the route only in development by guarding it with `if settings.DEBUG:`. To confirm the fix, request a known file under the root from a production host without a session cookie and check that the response is not 200.
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | Python
greprules fetch cve-2025-49143-django-unauthenticated-serve-routing --engine opengrep
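The following is an added example, not the opengrep rule itself and not code from the greprules project: a small Python `ast` checker that approximates what the rule looks for (a `path`/`re_path`/`url` pattern whose view argument resolves to `django.views.static.serve`, outside an `if settings.DEBUG:` block), run over a constructed `urls.py` that contains the finding next to both accepted fixes. The sample module text, the `protected_serve` wrapper and the `ServeRouteFinder` class are hypothetical; Django does not need to be installed to run it.

```python
import ast

# URL-pattern constructors whose second positional argument is the view
ROUTE_FUNCS = {"path", "re_path", "url"}


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class ServeRouteFinder(ast.NodeVisitor):
    """Hypothetical checker: flags routes that map straight to django.views.static.serve."""

    def __init__(self, source):
        self.lines = source.splitlines()
        self.serve_names = set()    # local names bound to django.views.static.serve
        self.module_names = set()   # local names bound to the django.views.static module
        self.debug_depth = 0        # > 0 while inside an `if settings.DEBUG:` body
        self.findings = []          # (lineno, source line) of unguarded routes

    def record_import(self, node):
        if isinstance(node, ast.ImportFrom):
            for alias in node.names:
                bound = alias.asname or alias.name
                if node.module == "django.views.static" and alias.name == "serve":
                    self.serve_names.add(bound)
                elif node.module == "django.views" and alias.name == "static":
                    self.module_names.add(bound)
        elif isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == "django.views.static":
                    self.module_names.add(alias.asname or alias.name)

    def _is_serve(self, node):
        dotted = _dotted(node)
        if dotted is None:
            return False
        return dotted in self.serve_names or any(dotted == m + ".serve" for m in self.module_names)

    def visit_If(self, node):
        # Routes registered only under `if settings.DEBUG:` are the accepted dev-only pattern
        guarded = _dotted(node.test) == "settings.DEBUG"
        if guarded:
            self.debug_depth += 1
        for stmt in node.body:
            self.visit(stmt)
        if guarded:
            self.debug_depth -= 1
        for stmt in node.orelse:  # the else branch is not covered by the guard
            self.visit(stmt)

    def visit_Call(self, node):
        func = (_dotted(node.func) or "").rsplit(".", 1)[-1]
        if (func in ROUTE_FUNCS and len(node.args) >= 2
                and self._is_serve(node.args[1]) and self.debug_depth == 0):
            self.findings.append((node.lineno, self.lines[node.lineno - 1].strip()))
        self.generic_visit(node)


def find_unguarded_serve_routes(source):
    """Return (lineno, line) for each route that maps directly to serve outside a DEBUG guard."""
    tree = ast.parse(source)
    finder = ServeRouteFinder(source)
    for node in ast.walk(tree):  # resolve import aliases first so later calls are classified correctly
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            finder.record_import(node)
    finder.visit(tree)
    return finder.findings


# Constructed urls.py: one finding, one wrapper-based fix, one DEBUG-gated route
SAMPLE_URLS_PY = """
from django.conf import settings
from django.contrib.auth.decorators import login_required
from django.urls import re_path
from django.views.static import serve

@login_required
def protected_serve(request, path, document_root=None, show_indexes=False):
    # Same arguments as django.views.static.serve, but only reachable when logged in
    return serve(request, path, document_root=document_root, show_indexes=show_indexes)

urlpatterns = [
    # FINDING: anyone can fetch any file under MEDIA_ROOT
    re_path(r"^media/(?P<path>.*)$", serve, {"document_root": settings.MEDIA_ROOT}),
    # OK: authentication enforced by the wrapper view
    re_path(r"^files/(?P<path>.*)$", protected_serve, {"document_root": settings.MEDIA_ROOT}),
]

if settings.DEBUG:
    # OK: only registered in development
    urlpatterns += [
        re_path(r"^static/(?P<path>.*)$", serve, {"document_root": settings.STATIC_ROOT}),
    ]
"""

if __name__ == "__main__":
    for lineno, line in find_unguarded_serve_routes(SAMPLE_URLS_PY):
        print(f"urls.py:{lineno}: unauthenticated route to django.views.static.serve: {line}")
```

Only the `media/` pattern is reported: the `files/` pattern goes through `protected_serve`, so the view argument is no longer `serve`, and the `static/` pattern sits inside the `settings.DEBUG` guard. The checker resolves `from ... import serve as x`, `from django.views import static` and `import django.views.static` aliases, which a purely textual grep for the word `serve` would miss or over-match.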