Django

Django is a free web application framework written in Python that uses the MVC design pattern.

Release cycle, vulnerability information

Product: Django
Vendor: djangoproject

Release schedule

[Release schedule chart: Django versions 4.2, 5.0, 5.1, 5.2, 6.0; time axis 2023 to 2029]

Recent Django vulnerabilities

Count: 775


| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-31047 (debian): In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ... | CVSS3: 9.8 | 0% (Low) | almost 3 years ago |
| CVE-2023-31047 (ubuntu): In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | CVSS3: 9.8 | 0% (Low) | almost 3 years ago |
| CVE-2023-31047 (redhat): In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | CVSS3: 6.5 | 0% (Low) | almost 3 years ago |
| openSUSE-SU-2023:0075-1 (suse-cvrf): Security update for python-Django | | 25% (Medium) | almost 3 years ago |
| openSUSE-SU-2023:0062-1 (suse-cvrf): Security update for python-Django | | 25% (Medium) | almost 3 years ago |
| GHSA-2hrw-hx67-34x6 (github): Resource exhaustion in Django | CVSS3: 7.5 | 25% (Medium) | almost 3 years ago |
| CVE-2023-24580 (nvd): An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | CVSS3: 7.5 | 25% (Medium) | almost 3 years ago |
| CVE-2023-24580 (debian): An issue was discovered in the Multipart Request Parser in Django 3.2 ... | CVSS3: 7.5 | 25% (Medium) | almost 3 years ago |
| CVE-2023-24580 (ubuntu): An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | CVSS3: 7.5 | 25% (Medium) | almost 3 years ago |
| BDU:2023-09100 (fstec): A vulnerability in the Django web application framework, related to uncontrolled resource consumption, that allows an attacker to cause a denial of service | CVSS3: 7.5 | 25% (Medium) | almost 3 years ago |
