CVE-2023-24580

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-24580
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24580.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-24580
Aliases
Downstream
Related
Published
2023-02-15T01:15:10.687Z
Modified
2026-02-19T01:57:26.980160Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

References

Affected packages

Git / github.com/django/django

Affected ranges

Type
GIT
Repo
https://github.com/django/django
Events
Introduced
3591e1c1acbd7c13174275367c3fdf012cb0413b
Fixed
722e9f8a38f5b34f2423059a75f8a59bb8eb931a
Introduced
9fee86e44dd83dc968ec443adcde191b3eba1286
Fixed
c57ff9ba5e251cd4c2761105a6046662c08f951e
Introduced
ef62a3a68c9d558486145a42c0d71ea9a76add9e
Fixed
4d51383f09870e3dade9967a60c956fb81b874a7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24580.json"