29 matches found
RHEL 8 : RHUI 4.5.0 - Security, Bug Fixes, and Enhancements (Moderate) (RHSA-2023:4591)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4591 advisory. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and content...
Debian DSA-5465-1 : python-django - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5465 advisory. Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of...
Debian: Security Advisory (DSA-5465-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Solaris Critical Patch Update : jul2023_SRU11_4_58_144_3
This Solaris system is missing necessary patches to address critical security updates : %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the Oracle CPU for jul2023. include'deprecatednasllevel.inc'; include'compat.inc'...
openSUSE 15 Security Update : python-Django (SUSE-SU-2023:2839-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2839-1 advisory. - CVE-2023-31047: Fixed a potential bypass of validation when uploading multiple files using one form field bsc1210866. - CVE-2023-36053: Fixed...
Ubuntu 16.04 ESM : Django vulnerability (USN-6054-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6054-2 advisory. USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...
Updated python-django packages fix security vulnerability
Passing certain inputs e.g., an excessive number of parts to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 Bypass of validation when using one form field to upload multiple files. This...
Fedora 37 : python-django3 (2023-8f9d949dbc)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8f9d949dbc advisory. - Update to latest 3.2 release - Security fix for CVE-2023-31047 - Provide python3-django so it can be used by dependents that do not use the...
Fedora 38 : python-django3 (2023-0d20d09f2d)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0d20d09f2d advisory. - Update to latest 3.2 release - Security fix for CVE-2023-31047 - Provide python3-django so it can be used by dependents that do not use the...
Django 3.2.x < 3.2.19, 4.1.x < 4.1.9, 4.2.x < 4.2.1 Improper Input Validation Vulnerability - Linux
Django is prone to an input validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if...
Debian: Security Advisory (DLA-3415-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-31047
creationtimestamp| type| source ---|---|--- 2023-05-07 07:41:24+00:00| seen| https://t.me/cibsecurity/63405 2023-06-23 01:18:56+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4427...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +412 more potentially affected by CVE-2023-31047 via django (>=4.0.0 <=4.1.8)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =0.1.0, =0.0.3, =4.0.9.0, =3.1.1, =3.6.4, =3.7.0 and more Source cves: CVE-2023-31047 Source advisory: OSV:GHSA-R3XC-PRGR-MG9P...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +115 more potentially affected by CVE-2023-31047 via django (>=3.2.0 <=3.2.18)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 and more Source cves: CVE-2023-31047 Source advisory: OSV:GHSA-R3XC-PRGR-MG9P...
CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...
DEBIAN-CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...
bfactory (>=0.4.0 <=0.4.4), coop (>=5.2.0 <=5.2.2) +39 more potentially affected by CVE-2023-31047 via django (>=4.2.0 <=4.2.0rc1)
django PYPI version =4.2.0, =0.4.0, =5.2.0, =3.1.0, =7.2.2, =39.1.0, =9.3.0, =0.1.0a1, =1.0.0, =0.2.1, =0.2.2 - django-handy-admin =0.0.0 and more Source cves: CVE-2023-31047 Source advisory: OSV:PYSEC-2023-61...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aedttest (=0.0.2) +115 more potentially affected by CVE-2023-31047 via django (>=3.2.0 <=3.2.18)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.0.1, =6.2.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.1.26, =0.1.27 and more Source cves: CVE-2023-31047 Source advisory: OSV:PYSEC-2023-61...
CVE-2023-31047
CVE-2023-31047 affects Django: 3.2.x before 3.2.19, 4.x before 4.1.9, and 4.2.x before 4.2.1. The vulnerability allows bypassing validation when using a single form field to upload multiple files; forms.FileField/ImageField never validated earlier uploads, with only the last file being validated....
CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...