4 matches found
Updated python-django packages fix security vulnerabilities
ASGI header spoofing via underscore/hyphen conflation. CVE-2026-3902 Privilege abuse in GenericInlineModelAdmin. CVE-2026-4277 Privilege abuse in ModelAdmin.listeditable. CVE-2026-4292 Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload. CVE-2026-33033...
CVE-2026-33034
Django CVE-2026-33034 affects ASGI request handling: missing/undersized Content-Length can bypass DATA_UPLOAD_MAX_MEMORY_SIZE when reading HttpRequest.body, allowing loading of an unbounded request body. Affected: Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30; earlier series (...
CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...
CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...