CVE-2023-24580

Опубликовано: 14 фев. 2023

Источник: redhat

CVSS3: 7.5

EPSS Средний

Описание

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Ansible Automation Platform 1.2	ansible-tower	Will not fix
Red Hat Ansible Automation Platform 2	python3-django	Affected
Red Hat Ansible Automation Platform 2	python-django	Affected
Red Hat Ceph Storage 3	python-django	Out of support scope
Red Hat Discovery	discovery-server-container	Affected
Red Hat OpenStack Platform 13 (Queens)	python-django	Out of support scope
Red Hat OpenStack Platform 16.1	python-django20	Will not fix
Red Hat OpenStack Platform 16.2	python-django20	Will not fix
Red Hat OpenStack Platform 17.0	python-django	Will not fix
Red Hat Satellite 6	python3-django	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2169402python-django: Potential denial-of-service vulnerability in file uploads

EPSS

Процентиль: 94%

0.16091

Средний

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-24580

CVSS3: 7.5

ubuntu

больше 2 лет назад

CVE-2023-24580

CVSS3: 7.5

nvd

больше 2 лет назад

CVE-2023-24580

CVSS3: 7.5

debian

больше 2 лет назад

An issue was discovered in the Multipart Request Parser in Django 3.2 ...

openSUSE-SU-2023:0075-1

suse-cvrf

больше 2 лет назад

Security update for python-Django

openSUSE-SU-2023:0062-1

suse-cvrf

больше 2 лет назад

Security update for python-Django

EPSS

Процентиль: 94%

0.16091

Средний

7.5 High

CVSS3