CVE-2023-24580

Published: 15/02/2023 | Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An issue exists in the Multipart Request Parser in Django 3.2 prior to 3.2.18, 4.0 prior to 4.0.10, and 4.1 prior to 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

Vulnerable Product

djangoproject django

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1031290 python-django: CVE-2023-24580 (denial-of-service vulnerability in file uploads). Package: python-django; Maintainer for python-django is Debian Python Team <team+python@tracker.debian.org>; Source for python-django is src:python-django. Reported by: "Chris Lamb" <lamby ...
Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service. For the oldstable distribution (bullseye), this problem has been fixed in version 2:2.2.28-1~deb11u2. This update also addresses CVE-2023-23969, CVE-2023-31047 and CVE-2023-24580. For the ...
Synopsis: Important: Satellite 6.13 Release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes ...
Synopsis: Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat P ...
Synopsis: Moderate: RHUI 4.4.0 release - Security Fixes, Bug Fixes, and Enhancements Update. Type/Severity: Security Advisory: Moderate. Topic: An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4 ...
Description: The MITRE CVE dictionary describes this issue as: An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential v ...
Check Point Reference: CPAI-2023-1485. Date Published: 24 Jan 2024. Severity: High ...