Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-24580

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

Related bugs and status

CVE-2023-24580 (Candidate) is related to these bugs:

Bug #2030472: [Debian] High CVE: CVE-2023-36053/CVE-2023-23969/CVE-2023-24580/CVE-2023-31047 python-django: multiple CVEs

Summary				In	Importance	Status
	2030472	[Debian] High CVE: CVE-2023-36053/CVE-2023-23969/CVE-2023-24580/CVE-2023-31047 python-django: multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.openwall.co...
MISC: https://docs.djangopro...
MISC: https://groups.google....
MISC: https://www.djangoproj...
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2023-3d775d93be
FEDORA: FEDORA-2023-bde7913e5a
FEDORA: FEDORA-2023-a74513bda8
CONFIRM: https://security.netap...
FEDORA: FEDORA-2023-8fed428c5e
FEDORA: FEDORA-2023-a53ab7c969