OESA-2023-1286
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1286
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1286.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2023-1286
- Upstream
- Published
- 2023-05-19T11:05:16Z
- Modified
- 2025-08-12T05:19:58.957280Z
- Summary
- python-django security update
- Details
-
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Security Fix(es):
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.(CVE-2023-31047)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP1 / python-django
Package
- Name
- python-django
- Purl
- pkg:rpm/openEuler/python-django&distro=openEuler-20.03-LTS-SP1
openEuler:20.03-LTS-SP3 / python-django
Package
- Name
- python-django
- Purl
- pkg:rpm/openEuler/python-django&distro=openEuler-20.03-LTS-SP3
openEuler:22.03-LTS / python-django
Package
- Name
- python-django
- Purl
- pkg:rpm/openEuler/python-django&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.12-4.oe2203sp1
Ecosystem specific
{
"src": [
"python-django-2.2.27-5.oe2203.src.rpm",
"python-django-3.2.12-4.oe2203sp1.src.rpm"
],
"noarch": [
"python-django-help-2.2.27-5.oe2203.noarch.rpm",
"python3-Django-2.2.27-5.oe2203.noarch.rpm",
"python3-Django-3.2.12-4.oe2203sp1.noarch.rpm",
"python-django-help-3.2.12-4.oe2203sp1.noarch.rpm"
]
}