CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 47.1%
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django’s “Uploading multiple files” documentation suggested otherwise.
docs.djangoproject.com/en/4.2/releases/security
github.com/advisories/GHSA-r3xc-prgr-mg9p
github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2023-61.yaml
groups.google.com/forum/#!forum/django-announce
lists.fedoraproject.org/archives/list/[email protected]/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW
lists.fedoraproject.org/archives/list/[email protected]/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD
nvd.nist.gov/vuln/detail/CVE-2023-31047
security.netapp.com/advisory/ntap-20230609-0008
www.djangoproject.com/weblog/2023/may/03/security-releases