CVE-2022-23833
- Source
- https://cve.org/CVERecord?id=CVE-2022-23833
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23833.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-23833
- Aliases
- Downstream
- Related
- Published
- 2022-02-03T02:15:07.623Z
- Modified
- 2026-02-02T21:34:17.069200Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
- References
-
- https://groups.google.com/forum/#%21forum/django-announce
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
- https://docs.djangoproject.com/en/4.0/releases/security/
- https://security.netapp.com/advisory/ntap-20220221-0003/
- https://www.debian.org/security/2022/dsa-5254
- https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
- https://docs.djangoproject.com/en/4.0/releases/security/
- https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
- https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
- https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
- https://www.djangoproject.com/weblog/2022/feb/01/security-releases/