CVE-2023-31047

Published: 07/05/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In Django 3.2 prior to 3.2.19, 4.x prior to 4.1.9, and 4.2 prior to 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.
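The affected ranges in the summary can be checked against a project's pinned requirements. The following is an added example, not code from Django or from this page; the function names and the sample lines are constructed for illustration, and "4.x prior to 4.1.9" is read as 4.0.0 up to, not including, 4.1.9.

```python
import re

# Affected ranges from the summary above, as (first affected, first fixed).
# Assumption: "4.x prior to 4.1.9" is read as 4.0.0 up to, not including, 4.1.9.
AFFECTED = [((3, 2, 0), (3, 2, 19)), ((4, 0, 0), (4, 1, 9)), ((4, 2, 0), (4, 2, 1))]

# Requirement lines for the package "django" itself (not django-filter etc.).
NAME = re.compile(r"^\s*django(?![\w.-])\s*(\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.I)
EXACT = re.compile(r"^==\s*(?P<num>\d+(?:\.\d+)*)(?P<pre>(?:a|b|rc)\d+)?$")


def classify(num, pre=None):
    """Return 'affected', 'fixed' or 'not-listed' for one release number."""
    parts = [int(p) for p in num.split(".")][:3]
    v = tuple(parts + [0] * (3 - len(parts)))  # 4.2 compares as 4.2.0
    for first, fixed in AFFECTED:
        # A pre-release of the fixed version is treated as predating the fix.
        if first <= v < fixed or (v == fixed and pre):
            return "affected"
        if v[:2] == fixed[:2] and v >= fixed:
            return "fixed"
    return "not-listed"  # outside the ranges the summary names; not a verdict


def scan_requirements(lines):
    """Return (line_no, spec, status) for every Django requirement line."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = NAME.match(line)
        if not m:
            continue
        spec = m.group("spec").strip()
        exact = EXACT.match(spec)
        # Ranges and bare names resolve at install time, so they need a
        # lock file or `pip freeze` output to be judged.
        status = classify(exact["num"], exact["pre"]) if exact else "unpinned"
        findings.append((no, spec, status))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = ["Django==3.2.18", "django==4.1.9   # patched", "django == 4.2",
          "Django>=3.2,<4.0", "django-filter==23.1", "django==2.2.28"]

if __name__ == "__main__":
    for finding in scan_requirements(SAMPLE):
        print(finding)
```

A "not-listed" result only means the version falls outside the ranges quoted in the summary; distribution packages may carry backported fixes under their own version numbers.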

Vulnerable Product

djangoproject django 4.2

djangoproject django

fedoraproject fedora 38

Vendor Advisories

Synopsis: Moderate: RHUI 450 release - Security, Bug Fixes, and Enhancements. Type/Severity: Security Advisory: Moderate. Topic: An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 45 fixes seve ...

Debian Bug report logs - #1035467 python-django: CVE-2023-31047. Package: python-django; Maintainer for python-django is Debian Python Team <team+python@tracker.debian.org>; Source for python-django is src:python-django. Reported by: "Chris Lamb" <lamby@debian.org>. Date: Wed, 3 May 2023 16:12:01 ...

Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service. For the oldstable distribution (bullseye), this problem has been fixed in version 2:2228-1~deb11u2. This update also addresses CVE-2023-23969, CVE-2023-31047 and CVE-2023-24580. For the ...

Description: This CVE is under investigation by Red Hat Product Security ...