Download of Code Without Integrity Check
An issue was discovered in the HTTP FileResponse class in Django 3.2a1 through 3.2.14, 4.0a1 through 4.0.6 and 4.1a1 through 4.1rc1. An application that sets the Content-Disposition header of a FileResponse from a filename derived from user-supplied input is vulnerable to a reflected file download (RFD) attack.
CWE-494 - Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
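
For the FileResponse issue described above, a defensive sketch of how an application can constrain a user-supplied download name and escape it for the Content-Disposition header. This is an added example, not Django's own code or its patch; the function names and the extension allow-list are assumptions.

```python
import re
from urllib.parse import quote

ALLOWED_EXTENSIONS = {".pdf", ".csv", ".txt"}  # assumption: types this app serves


def safe_download_name(user_value, default="download.txt"):
    """Reduce a user-supplied name to a basename with an allow-listed extension."""
    # Drop any path part (both separator styles) and control characters (CR, LF, ...).
    name = re.split(r"[\\/]", user_value or "")[-1]
    name = "".join(ch for ch in name if ch.isprintable()).strip(" .")
    # Keep a conservative character set; quotes, semicolons etc. become "_".
    name = re.sub(r"[^\w.\- ]", "_", name)
    stem, dot, ext = name.rpartition(".")
    # The caller's input never gets to pick an extension outside the allow-list.
    if not dot or not stem or f".{ext.lower()}" not in ALLOWED_EXTENSIONS:
        return default
    return f"{stem}.{ext.lower()}"


def content_disposition(filename, as_attachment=True):
    """Build the header value with quoted-string escaping (RFC 6266 / RFC 5987)."""
    disposition = "attachment" if as_attachment else "inline"
    try:
        filename.encode("ascii")
    except UnicodeEncodeError:
        # Non-ASCII names go in the percent-encoded filename* parameter.
        return f"{disposition}; filename*=utf-8''{quote(filename)}"
    # Escape the backslash first, then the double quote, so the value cannot
    # close the quoted-string early and append parameters of its own.
    escaped = filename.replace("\\", "\\\\").replace('"', '\\"')
    return f'{disposition}; filename="{escaped}"'
```

In a Django view, the value returned by `safe_download_name()` is what would be passed as the `filename` argument of `FileResponse`.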