Django@* Security Vulnerabilities and Issues — Django@* CVE List

Lucene search

DjangoprojectDjango*

7 matches found

cve•added 2023/05/07 2:15 a.m.•224 views

CVE-2023-31047

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Dj...

9.8CVSS9.3AI score0.00063EPSS

cve•added 2023/07/03 1:15 p.m.•205 views

CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

7.5CVSS7.1AI score0.02235EPSS

cve•added 2023/11/03 5:15 a.m.•188 views

CVE-2023-41164

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

7.5CVSS7.2AI score0.00391EPSS

cve•added 2023/02/01 7:15 p.m.•182 views

CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

7.5CVSS7.3AI score0.01645EPSS

cve•added 2023/11/03 5:15 a.m.•179 views

CVE-2023-43665

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and ...

7.5CVSS6.8AI score0.02473EPSS

cve•added 2023/02/15 1:15 a.m.•165 views

CVE-2023-24580

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for ...

7.5CVSS7.3AI score0.12511EPSS

cve•added 2023/11/02 6:15 a.m.•61 views

CVE-2023-46695

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of ...

7.5CVSS7.2AI score0.02674EPSS