An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
References
Configurations
History
28 Apr 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Apr 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Mar 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Mar 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Feb 2023, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-15 01:15
Updated : 2024-02-04 23:14
NVD link : CVE-2023-24580
Mitre link : CVE-2023-24580
CVE.ORG link : CVE-2023-24580
JSON object : View
Products Affected
debian
- debian_linux
djangoproject
- django
CWE
CWE-400
Uncontrolled Resource Consumption