GHSA-2hrw-hx67-34x6

Source

https://github.com/advisories/GHSA-2hrw-hx67-34x6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-2hrw-hx67-34x6/GHSA-2hrw-hx67-34x6.json

Aliases

Published

2023-02-15T03:30:47Z

Modified

2024-04-03T15:14:09.575967Z

Summary

Resource exhaustion in Django

Details

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

References

Affected packages

PyPI / django

Package

Name: django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2

Fixed

3.2.18

Affected versions

3.*

3.2

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

3.2.9

3.2.10

3.2.11

3.2.12

3.2.13

3.2.14

3.2.15

3.2.16

3.2.17

PyPI / django

Package

Name: django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1

Fixed

4.1.7

Affected versions

4.*

4.1

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

PyPI / django

Package

Name: django

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0

Fixed

4.0.10

Affected versions

4.*

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9