UBUNTU-CVE-2022-23833
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2022-23833
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23833.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-23833
- Related
- Published
- 2022-02-01T08:00:00Z
- Modified
- 2022-02-01T08:00:00Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1.6.11-0ubuntu1.3+esm4?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.11-0ubuntu1.3+esm4
Affected versions
1.*
1.5.4-1ubuntu1
1.6-1
1.6.1-1
1.6.1-2
1.6.1-2ubuntu0.1
1.6.1-2ubuntu0.2
1.6.1-2ubuntu0.3
1.6.1-2ubuntu0.4
1.6.1-2ubuntu0.5
1.6.1-2ubuntu0.6
1.6.1-2ubuntu0.8
1.6.1-2ubuntu0.9
1.6.1-2ubuntu0.10
1.6.1-2ubuntu0.11
1.6.1-2ubuntu0.12
1.6.1-2ubuntu0.13
1.6.1-2ubuntu0.14
1.6.1-2ubuntu0.15
1.6.1-2ubuntu0.16
1.6.11-0ubuntu1
1.6.11-0ubuntu1.1
1.6.11-0ubuntu1.2
1.6.11-0ubuntu1.3
1.6.11-0ubuntu1.3+esm1
1.6.11-0ubuntu1.3+esm2
1.6.11-0ubuntu1.3+esm3
Ubuntu:Pro:16.04:LTS / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1.8.7-1ubuntu5.15+esm4?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.7-1ubuntu5.15+esm4
Affected versions
1.*
1.7.9-1ubuntu5
1.8.5-2ubuntu1
1.8.7-1ubuntu1
1.8.7-1ubuntu2
1.8.7-1ubuntu3
1.8.7-1ubuntu4
1.8.7-1ubuntu5
1.8.7-1ubuntu5.1
1.8.7-1ubuntu5.2
1.8.7-1ubuntu5.4
1.8.7-1ubuntu5.5
1.8.7-1ubuntu5.6
1.8.7-1ubuntu5.7
1.8.7-1ubuntu5.8
1.8.7-1ubuntu5.9
1.8.7-1ubuntu5.10
1.8.7-1ubuntu5.11
1.8.7-1ubuntu5.12
1.8.7-1ubuntu5.13
1.8.7-1ubuntu5.14
1.8.7-1ubuntu5.15
1.8.7-1ubuntu5.15+esm1
1.8.7-1ubuntu5.15+esm3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"python-django-common": "1.8.7-1ubuntu5.15+esm4",
"python-django-doc": "1.8.7-1ubuntu5.15+esm4",
"python-django": "1.8.7-1ubuntu5.15+esm4",
"python3-django": "1.8.7-1ubuntu5.15+esm4"
}
]
}
Ubuntu:18.04:LTS / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1:1.11.11-1ubuntu1.16?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:1.11.11-1ubuntu1.16
Affected versions
1:1.*
1:1.11.4-1ubuntu1
1:1.11.6-1ubuntu1
1:1.11.9-1ubuntu1
1:1.11.11-1ubuntu1
1:1.11.11-1ubuntu1.1
1:1.11.11-1ubuntu1.2
1:1.11.11-1ubuntu1.3
1:1.11.11-1ubuntu1.4
1:1.11.11-1ubuntu1.5
1:1.11.11-1ubuntu1.6
1:1.11.11-1ubuntu1.7
1:1.11.11-1ubuntu1.8
1:1.11.11-1ubuntu1.9
1:1.11.11-1ubuntu1.10
1:1.11.11-1ubuntu1.11
1:1.11.11-1ubuntu1.12
1:1.11.11-1ubuntu1.13
1:1.11.11-1ubuntu1.14
1:1.11.11-1ubuntu1.15
Ubuntu:20.04:LTS / python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@2:2.2.12-1ubuntu0.10?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:2.2.12-1ubuntu0.10
Affected versions
1:1.*
1:1.11.22-1ubuntu1
2:2.*
2:2.2.6-1ubuntu1
2:2.2.9-2ubuntu1
2:2.2.10-1
2:2.2.10-1ubuntu1
2:2.2.11-1
2:2.2.12-1
2:2.2.12-1ubuntu0.1
2:2.2.12-1ubuntu0.2
2:2.2.12-1ubuntu0.3
2:2.2.12-1ubuntu0.4
2:2.2.12-1ubuntu0.5
2:2.2.12-1ubuntu0.6
2:2.2.12-1ubuntu0.7
2:2.2.12-1ubuntu0.8
2:2.2.12-1ubuntu0.9