
4 matches found

Mageia
added 2026/04/11 11:2 p.m., 6 views

Updated python-django packages fix security vulnerabilities

ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.list_editable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00769
Exploits: 1 | References: 2
CVE
added 2026/04/07 2:22 p.m., 24 views

CVE-2026-33034

Django CVE-2026-33034 affects ASGI request handling: missing/undersized Content-Length can bypass DATA_UPLOAD_MAX_MEMORY_SIZE when reading HttpRequest.body, allowing loading of an unbounded request body. Affected: Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30; earlier series (...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00769
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/04/07 2:22 p.m., 1 views

CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATA_UPLOAD_MAX_MEMORY_SIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

AI score: 5.9 | EPSS: 0.00769
Exploits: 0 | References: 3
Cvelist
added 2026/04/07 2:22 p.m., 16 views

CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATA_UPLOAD_MAX_MEMORY_SIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

EPSS: 0.00769
Exploits: 0 | References: 3