Описание
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-django | fixed | 2:3.2.12-1 | package |
Примечания
https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main)
https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9 (4.0.2)
https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (3.2.12)
https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a (2.2.27)
Связанные уязвимости
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Уязвимость фреймворка для веб-приложений Django, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю выполнить отказ в обслуживании