CVE-2022-23833
- Source
- https://cve.org/CVERecord?id=CVE-2022-23833
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23833.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-23833
- Aliases
- Downstream
- Related
- Published
- 2022-02-03T00:00:00Z
- Modified
- 2026-05-12T03:53:24.874912Z
- Summary
- [none]
- Details
-
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23833.json", "cna_assigner": "mitre" }- References
-
- https://docs.djangoproject.com/en/4.0/releases/security/
- https://groups.google.com/forum/#%21forum/django-announce
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23833.json
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/
- https://nvd.nist.gov/vuln/detail/CVE-2022-23833
- https://security.netapp.com/advisory/ntap-20220221-0003/
- https://www.debian.org/security/2022/dsa-5254
- https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a
- https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468
- https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9
- https://www.djangoproject.com/weblog/2022/feb/01/security-releases/