Resource exhaustion in Django

🗓️ 15 Feb 2023 03:30:47Reported by GitHub Advisory DatabaseType

An issue in Django Multipart Request Parser could lead to resource exhaustio

Reporter	Title	Published	Views	Family All 153
FreeBSD	Django -- multiple vulnerabilities	1 Feb 202300:00	–	freebsd
ATTACKERKB	CVE-2022-24580	29 May 202320:15	–	attackerkb
AlpineLinux	CVE-2023-24580	15 Feb 202300:00	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в python-django	20 May 202605:53	–	astralinux
BDU FSTEC	The vulnerability of the Django web application platform, related to uncontrolled resource consumption, allows attackers to trigger service failures.	26 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-24580	15 Feb 202307:36	–	circl
CNNVD	Django 资源管理错误漏洞	14 Feb 202300:00	–	cnnvd
CVE	CVE-2023-24580	15 Feb 202300:00	–	cve
Cvelist	CVE-2023-24580	15 Feb 202300:00	–	cvelist
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities	17 Apr 202313:48	–	ibm

Vulners

Node

django_project djangoRange4.0a1–4.0.10pip

django_project djangoRange4.1a1–4.1.7pip

django_project djangoRange3.2a1–3.2.18pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-24580
groups	www.groups.google.com/forum/
openwall	www.openwall.com/lists/oss-security/2023/02/14/1
github	www.github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
github	www.github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
github	www.github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
lists	www.lists.debian.org/debian-lts-announce/2023/02/msg00023.html
docs	www.docs.djangoproject.com/en/4.1/releases/security
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK

19 Mar 2025 15:39Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.62575

SSVC