Launchpad.net

CVE 2023-31047

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

Related bugs and status

CVE-2023-31047 (Candidate) is related to these bugs:

Bug #2022089: Update Django to version 4.2 for mantic

		In	Importance	Status
2022089	Update Django to version 4.2 for mantic	python-django (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	hyperkitty (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	hyperkitty (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-mailman3 (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-mailman3 (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-assets (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-assets (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-menu-generator-ng (Ubuntu)	Undecided	Won't Fix
2022089	Update Django to version 4.2 for mantic	django-menu-generator-ng (Ubuntu Mantic)	Undecided	Won't Fix
2022089	Update Django to version 4.2 for mantic	python-django-modelcluster (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-modelcluster (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-ara (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-ara (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-dbbackup (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-dbbackup (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-compressor (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-compressor (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-cte (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-cte (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-oauth-toolkit (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-oauth-toolkit (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-tables (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-tables (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	djangorestframework-filters (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	djangorestframework-filters (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	factory-boy (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	factory-boy (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	lava (Ubuntu Mantic)	Undecided	Won't Fix
2022089	Update Django to version 4.2 for mantic	postorius (Ubuntu Mantic)	Undecided	Invalid
2022089	Update Django to version 4.2 for mantic	python-django-celery-results (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-celery-results (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-crispy-forms (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-crispy-forms (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-tagging (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	python-django-tagging (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-cachalot (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	django-cachalot (Ubuntu Mantic)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	psycopg3 (Ubuntu)	Undecided	Fix Released
2022089	Update Django to version 4.2 for mantic	psycopg3 (Ubuntu Mantic)	Undecided	Fix Released

Bug #2030472: [Debian] High CVE: CVE-2023-36053/CVE-2023-23969/CVE-2023-24580/CVE-2023-31047 python-django: multiple CVEs

Summary				In	Importance	Status
	2030472	[Debian] High CVE: CVE-2023-36053/CVE-2023-23969/CVE-2023-24580/CVE-2023-31047 python-django: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-31047

Related bugs and status

Related bugs

References