Description

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

Remediation

References

CVE-2022-23833

Related Vulnerabilities

WordPress Plugin Batch Cat Security Bypass (0.3)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0457)

WordPress Plugin Easy Image Gallery Cross-Site Scripting (1.1.1)

Twisted Web HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-39348)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5266)

Severity

High

Classification

CVE-2022-23833 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities