Description

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

Remediation

References

CVE-2023-24580

Related Vulnerabilities

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.16)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (1.6.9)

Oracle Database Server Improper Input Validation Vulnerability (CVE-2020-1953)

WordPress Plugin Front File Manager 'upload.php' Arbitrary File Upload (0.1)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.1.4)

Severity

High

Classification

CVE-2023-24580 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities