Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-31047

Опубликовано: 03 мая 2023
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded.

Отчет

Red Hat Satellite and Red Hat Update Infrastructure individual impact ratings have been set to Low since initial privileges are required in order to access the server and the vulnerable functionality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 2python-djangoNot affected
Red Hat Ceph Storage 3python-djangoNot affected
Red Hat OpenStack Platform 13 (Queens)python-djangoNot affected
Red Hat OpenStack Platform 16.1python-django20Not affected
Red Hat OpenStack Platform 16.2python-django20Not affected
Red Hat OpenStack Platform 17.0python-djangoNot affected
Red Hat Storage 3python-djangoNot affected
Red Hat Satellite 6.13 for RHEL 8python-djangoFixedRHSA-2023:593119.10.2023
Red Hat Satellite 6.13 for RHEL 8python-djangoFixedRHSA-2023:593119.10.2023
Red Hat Satellite 6.14 for RHEL 8python-djangoFixedRHSA-2023:681808.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2192565python-django: Potential bypass of validation when uploading multiple files using one form field

EPSS

Процентиль: 20%
0.00063
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-31047

CVSS3: 9.8
ubuntu
около 2 лет назад

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

nvd логотип

CVE-2023-31047

CVSS3: 9.8
nvd
около 2 лет назад

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

debian логотип

CVE-2023-31047

CVSS3: 9.8
debian
около 2 лет назад

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ...

redos логотип

ROS-20230621-01

CVSS3: 9.8
redos
почти 2 года назад

Уязвимость Django

github логотип

GHSA-r3xc-prgr-mg9p

CVSS3: 9.8
github
около 2 лет назад

Django bypasses validation when using one form field to upload multiple files

EPSS

Процентиль: 20%
0.00063
Низкий

6.5 Medium

CVSS3