CVE-2022-23833 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=2.2 <2.2.27 || >=3.2 <3.2.12 || >=4.0 <4.0.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00522 (percentile 0.65964)
Details
Infinite Loop in Django
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
Metadata
Created: 2022-02-04T00:00:26Z
Modified: 2024-09-20T15:34:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-6cw3-g6wv-c2xv/GHSA-6cw3-g6wv-c2xv.json
CWE IDs: ["CWE-835"]
Alternative ID: GHSA-6cw3-g6wv-c2xv
Finding: F138
Auto approve: 1