CVE-2023-24580

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-24580

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24580.json

Aliases

Related

Published

2023-02-15T01:15:10Z

Modified

2023-12-06T01:02:52.536863Z

Details

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type: GIT
Repo: https://github.com/django/django
Events: Introduced

b6475d7d7940f3ce575e0b0f2d83e517f899b4cf

Fixed

722e9f8a38f5b34f2423059a75f8a59bb8eb931a

Introduced

67d0c4644acfd7707be4a31e8976f865509b09ac

Introduced

c8eb9a7c451f7935a9eaafbb195acf2aa9fa867d

Affected versions

3.*

3.2

3.2.1

3.2.10

3.2.11

3.2.12

3.2.13

3.2.14

3.2.15

3.2.16

3.2.17

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9