CVE-2023-24580
Summary
| CVE | CVE-2023-24580 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-15 01:15:00 UTC |
| Updated | 2023-11-07 04:08:00 UTC |
| Description | An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Django - CVE-2023-24580: Potential denial-of-service vulnerability in file uploads | MISC | www.openwall.com | |
| Django security releases issued: 4.1.7, 4.0.10, and 3.2.18 \| Weblog \| Django | MISC | www.djangoproject.com | |
| [SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Redirecting to Google Groups | | groups.google.com | |
| Redirecting to Google Groups | MISC | groups.google.com | |
| [SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: python-django3-3.2.18-1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Archive of security issues \| Django documentation \| Django | MISC | docs.djangoproject.com | |
| [SECURITY] Fedora 38 Update: python-django3-3.2.18-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] [DLA 3329-1] python-django security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE-2023-24580 Django Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181596 Debian Security Update for python-django (DLA 3329-1)
- 184719 Debian Security Update for python-django (CVE-2023-24580)
- 199175 Ubuntu Security Notification for Django Vulnerability (USN-5868-1)
- 241405 Red Hat Update for Satellite 6.13 (RHSA-2023:2097)
- 283757 Fedora Security Update for python (FEDORA-2023-3d775d93be)
- 283758 Fedora Security Update for python (FEDORA-2023-bde7913e5a)
- 283945 Fedora Security Update for python (FEDORA-2023-8fed428c5e)
- 284167 Fedora Security Update for python (FEDORA-2023-a53ab7c969)
- 284273 Fedora Security Update for python (FEDORA-2023-a74513bda8)
- 502922 Alpine Linux Security Update for py3-django
- 505801 Alpine Linux Security Update for py3-django
- 6000222 Debian Security Update for python-django (DSA 5465-1)
- 691060 Free Berkeley Software Distribution (FreeBSD) Security Update for django (9c9ee9a6-ac5e-11ed-9323-080027d3a315)
- 960924 Rocky Linux Security Update for Satellite (RLSA-2023:2097)