BIT-django-2026-33033

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/django/BIT-django-2026-33033.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-django-2026-33033

Aliases

Published

2026-04-16T23:38:44.975Z

Modified

2026-04-17T04:56:16.402869315Z

Summary

Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

Details

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / django

Package

Name: django
Purl: pkg:bitnami/django

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

4.2.0

Fixed

4.2.30

Introduced

5.2.0

Fixed

5.2.13

Introduced

6.0.0

Fixed

6.0.4

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/django/BIT-django-2026-33033.json"