CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 46.8%
Django is vulnerable to a file upload validation bypass. The issue lies in the FileInput class in widgets.py: uploading multiple files through a single form field has never been officially supported by forms.FileField or forms.ImageField, and only the last uploaded file was validated. An attacker can therefore upload files that are never validated.
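A simplified model of the flaw described above, added here as an illustration (not Django's code and not part of the original advisory): two file parts in one multipart request share a field name, a last-file-only check accepts the request, and a per-file check reports the file that was skipped. The field name, filenames, extension allow-list and function names are constructed for the example.

```python
import os
from email import message_from_bytes

ALLOWED_EXT = {".png", ".jpg"}  # constructed allow-list (assumption)
BOUNDARY = "example-boundary"   # constructed

# Constructed request body: two file parts share the field name "attachment".
BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="attachment"; filename="notes.txt"\r\n'
    "Content-Type: text/plain\r\n\r\n"
    "plain text, not an image\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="attachment"; filename="photo.png"\r\n'
    "Content-Type: image/png\r\n\r\n"
    "PNGDATA\r\n"
    f"--{BOUNDARY}--\r\n"
).encode()


def parse_files(body, boundary):
    """Return {field name: [filenames in request order]} for file parts."""
    head = f"Content-Type: multipart/form-data; boundary={boundary}\r\n\r\n"
    msg = message_from_bytes(head.encode() + body)
    files = {}
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if part.get_filename():
            files.setdefault(name, []).append(part.get_filename())
    return files


def is_allowed(filename):
    """Extension check standing in for whatever validator the form applies."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXT


def validate_last_only(files, field):
    """Simplified model of the flawed behaviour: check only the last file."""
    return is_allowed(files[field][-1])


def rejected_files(files, field):
    """Per-file check: every upload under the field must pass validation."""
    return [name for name in files.get(field, []) if not is_allowed(name)]


if __name__ == "__main__":
    uploads = parse_files(BODY, BOUNDARY)
    print("last-only check accepts:", validate_last_only(uploads, "attachment"))
    print("per-file check rejects:", rejected_files(uploads, "attachment"))
```
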
django.readthedocs.io/en/latest/releases/security.html#may-3-2023-cve-2023-31047
docs.djangoproject.com/en/4.2/releases/security/
github.com/django/django/commit/21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd
github.com/django/django/commit/e7c3a2ccc3a562328600be05068ed9149e12ce64
github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
groups.google.com/forum/#!forum/django-announce
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A45VKTUVQ2BN6D5ZLZGCM774R6QGFOHW/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNEHD6N435OE2XUFGDAAVAXSYWLCUBFD/
security.netapp.com/advisory/ntap-20230609-0008/
www.djangoproject.com/weblog/2023/may/03/security-releases/