{"api_version":"1","generated_at":"2026-04-22T19:18:56+00:00","cve":"CVE-2023-24580","urls":{"html":"https://cve.report/CVE-2023-24580","api":"https://cve.report/api/cve/CVE-2023-24580.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-24580","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-24580"},"summary":{"title":"CVE-2023-24580","description":"An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-02-15 01:15:00","updated_at":"2023-11-07 04:08:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/02/14/1","name":"http://www.openwall.com/lists/oss-security/2023/02/14/1","refsource":"MISC","tags":[],"title":"oss-security - Django - CVE-2023-24580: Potential denial-of-service vulnerability in\n file uploads","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/","name":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/","refsource":"MISC","tags":[],"title":"Django security releases issued: 4.1.7, 4.0.10, and 3.2.18 | Weblog | Django","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/","name":"FEDORA-2023-bde7913e5a","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://groups.google.com/forum/#%21forum/django-announce","name":"https://groups.google.com/forum/#%21forum/django-announce","refsource":"","tags":[],"title":"Redirecting to Google Groups","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://groups.google.com/forum/#!forum/django-announce","name":"https://groups.google.com/forum/#!forum/django-announce","refsource":"MISC","tags":[],"title":"Redirecting to Google Groups","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/","name":"FEDORA-2023-a53ab7c969","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/","name":"FEDORA-2023-a74513bda8","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: python-django3-3.2.18-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/","name":"FEDORA-2023-3d775d93be","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/","name":"FEDORA-2023-bde7913e5a","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: python-django3-3.2.18-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://docs.djangoproject.com/en/4.1/releases/security/","name":"https://docs.djangoproject.com/en/4.1/releases/security/","refsource":"MISC","tags":[],"title":"Archive of security issues | Django documentation | Django","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/","name":"FEDORA-2023-a74513bda8","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: python-django3-3.2.18-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/","name":"FEDORA-2023-3d775d93be","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: python-django3-3.2.18-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/","name":"FEDORA-2023-8fed428c5e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/","name":"FEDORA-2023-a53ab7c969","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html","name":"[debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3329-1] python-django security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/","name":"FEDORA-2023-8fed428c5e","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20230316-0006/","name":"https://security.netapp.com/advisory/ntap-20230316-0006/","refsource":"CONFIRM","tags":[],"title":"CVE-2023-24580 Django Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-24580","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24580","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"24580","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24580","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"djangoproject","cpe5":"django","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-24580","qid":"181596","title":"Debian Security Update for python-django (DLA 3329-1)"},{"cve":"CVE-2023-24580","qid":"184719","title":"Debian Security Update for python-django (CVE-2023-24580)"},{"cve":"CVE-2023-24580","qid":"199175","title":"Ubuntu Security Notification for Django Vulnerability (USN-5868-1)"},{"cve":"CVE-2023-24580","qid":"241405","title":"Red Hat Update for Satellite 6.13 (RHSA-2023:2097)"},{"cve":"CVE-2023-24580","qid":"283757","title":"Fedora Security Update for python (FEDORA-2023-3d775d93be)"},{"cve":"CVE-2023-24580","qid":"283758","title":"Fedora Security Update for python (FEDORA-2023-bde7913e5a)"},{"cve":"CVE-2023-24580","qid":"283945","title":"Fedora Security Update for python (FEDORA-2023-8fed428c5e)"},{"cve":"CVE-2023-24580","qid":"284167","title":"Fedora Security Update for python (FEDORA-2023-a53ab7c969)"},{"cve":"CVE-2023-24580","qid":"284273","title":"Fedora Security Update for python (FEDORA-2023-a74513bda8)"},{"cve":"CVE-2023-24580","qid":"502922","title":"Alpine Linux Security Update for py3-django"},{"cve":"CVE-2023-24580","qid":"505801","title":"Alpine Linux Security Update for py3-django"},{"cve":"CVE-2023-24580","qid":"6000222","title":"Debian Security Update for python-django (DSA 5465-1)"},{"cve":"CVE-2023-24580","qid":"691060","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for django (9c9ee9a6-ac5e-11ed-9323-080027d3a315)"},{"cve":"CVE-2023-24580","qid":"960924","title":"Rocky Linux Security Update for Satellite (RLSA-2023:2097)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-24580","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://groups.google.com/forum/#!forum/django-announce","refsource":"MISC","name":"https://groups.google.com/forum/#!forum/django-announce"},{"url":"https://docs.djangoproject.com/en/4.1/releases/security/","refsource":"MISC","name":"https://docs.djangoproject.com/en/4.1/releases/security/"},{"refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/02/14/1","url":"http://www.openwall.com/lists/oss-security/2023/02/14/1"},{"refsource":"MISC","name":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/","url":"https://www.djangoproject.com/weblog/2023/feb/14/security-releases/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html"},{"refsource":"FEDORA","name":"FEDORA-2023-3d775d93be","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/"},{"refsource":"FEDORA","name":"FEDORA-2023-bde7913e5a","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/"},{"refsource":"FEDORA","name":"FEDORA-2023-a74513bda8","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230316-0006/","url":"https://security.netapp.com/advisory/ntap-20230316-0006/"},{"refsource":"FEDORA","name":"FEDORA-2023-8fed428c5e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/"},{"refsource":"FEDORA","name":"FEDORA-2023-a53ab7c969","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/"}]}},"nvd":{"publishedDate":"2023-02-15 01:15:00","lastModifiedDate":"2023-11-07 04:08:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"3.2.18","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.0.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1","versionEndExcluding":"4.1.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}