CVE-2023-24580 – django
Package
Manager: pip
Name: django
Vulnerable Version: >=3.2a1 <3.2.18 || >=4.1a1 <4.1.7 || >=4.0a1 <4.0.10
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.12511 (percentile: 0.93683)
Details
Resource exhaustion in Django
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
Metadata
Created: 2023-02-15T03:30:47Z
Modified: 2025-03-19T15:39:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-2hrw-hx67-34x6/GHSA-2hrw-hx67-34x6.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-2hrw-hx67-34x6
Finding: F002
Auto approve: 1