Home > Vulnerability Database > CVE-2023-24580

Mend.io Vulnerability Database

CVE-2023-24580

Good to know:

Date: February 14, 2023

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

Language: Python

Severity Score

7.5

Related Resources (15)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/

Url: https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-24580

Url: https://security.netapp.com/advisory/ntap-20230316-0006/

Url: https://security-tracker.debian.org/tracker/CVE-2023-24580

Url: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/

Url: https://docs.djangoproject.com/en/4.1/releases/security/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/

Url: https://github.com/django/django/commit/85ac33591c393f1480d4f23b4daff40119cb6410

Url: https://groups.google.com/forum/#!forum/django-announce

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/

Url: http://www.openwall.com/lists/oss-security/2023/02/14/1

Url: https://www.mend.io/vulnerability-database/CVE-2023-24580

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version Django - 3.2.18,4.0.10,4.1.7

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-24580

Good to know:

Date: February 14, 2023

Language: Python

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?