Django is vulnerable to denial of service (DoS). The vulnerability exists because the library does not limit the maximum number of files encoded in a multipart upload, which can lead to memory exhaustion, allowing an attacker to cause an application crash.

Vendor | Product | Version | CPE |
---|---|---|---|
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.2.13-r0:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.1.13-r1:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.1.7-r1:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.2.16-r0:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.1.7-r0:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.2.14-r0:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:1.11.28-r0:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.1.13-r0:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.2.12-r0:*:*:*:*:*:*:* |
- | py3-django\ | edge | cpe:2.3:a:-:py3-django\:edge:3.2.17-r0:*:*:*:*:*:*:* |

www.openwall.com/lists/oss-security/2023/02/14/1
django.readthedocs.io/en/latest/releases/security.html#february-14-2023-cve-2023-24580
docs.djangoproject.com/en/4.1/releases/security/
github.com/django/django/commit/628b33a854a9c68ec8a0c51f382f304a0044ec92
github.com/django/django/commit/83f1ea83e4553e211c1c5a0dfc197b66d4e50432
github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8
github.com/django/django/pull/15071
groups.google.com/forum/#!forum/django-announce
lists.debian.org/debian-lts-announce/2023/02/msg00023.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
security.netapp.com/advisory/ntap-20230316-0006/
www.djangoproject.com/weblog/2023/feb/14/security-releases/